• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.283-293
• /
• 2012

A new type of malware that extracts personal and account data over an extended period of time and that apparently is resistant to detection by vaccines has been identified. Generally, a malware is installed on a computer through network-to-network connections by utilizing Web vulnerabilities that contain injection, XSS, broken authentication and session management, or insecure direct-object references, among others. After the malware executes registration of an arbitrary service and an arbitrary process on a computer, it then periodically communicates the collected confidential information to a hacker. This paper is a systematic approach to analyzing a new type of malware called "winweng," a kind of worm that frequently made appearances during the first half of 2011. The research describes how the malware came to be in circulation, how it infects computers, how its operations expose its existence and suggests improvements in responses and countermeasures. Keywords: Malware, Worm, Winweng, SNORT.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.3
• /
• pp.33-39
• /
• 2012

Since the passing of the Personal Information Act in March 2011 and its initial introduction in September, over the one year to date diverse security devices and solutions have been flowing into the market to enable observance of the relevant laws. Beginning with security consulting, corporations and institutions have focused on technology-based business in order to enable observance of those laws competitively in accordance with 6-step key procedures including proposal, materialization, introduction, construction, implementation, and execution. However there has not been any investment in human resources in the field of education such as technology education and policy education relative to the most important human resources field nor investment in professionals in the organization for the protection of personal information or in human resources for operating and managing IT infrastructure for actual entire personal information such as special sub-organizations. In this situation, as one process of attracting change from the nature of the technology-based security market toward a professional human resource-based security infrastructure market, it is necessary to conduct research into standardization modeling concerning special organizational composition and a management system for the protection of personal information.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.4
• /
• pp.210-220
• /
• 2008

Insider threat is becoming a very serious issue in most organizations and management is responsible for security implementation. This study is to develop a personnel security management indicators in the areas of Personnel Assurance, Personnel Competence, and Security Environment and protection against insider threats. In this study, the information security management system and related papers are examined by reviewing the existing researches and cases. Proposed indicators are verified by pilot test, empirically analyzed to expose experts' perception and the validity, importance, and risk level of each indicators through a questionnaire. Result were encouraging, but additional study focused on personnel security management using factor analysis is needed in the future.

• Convergence Security Journal
• /
• v.7 no.2
• /
• pp.101-106
• /
• 2007

Recently, Ubiquitous innovation is being promoted so that they can support the uHealthcare provide management to human's health. It is thus necessary to conduct such research on the medical care environment where there is a high demand for utilization of status information. In the current situation, there is a lack of research on measures of security processing and monitoring patient status information produced from rapid growth of infra within Medical environment. This study suggests a solution of using RFID to gather patient information such as inpatient information, location of treatment room, progress of patient, humidity, temperature, and diagnostic status, after which the information are protect and processed using security level method.

• Journal of Internet Computing and Services
• /
• v.22 no.2
• /
• pp.123-131
• /
• 2021

The Fourth Industrial Revolution was triggered by data-driven digital technologies such as AI and big data. There is a rapid movement to expand the scope of data utilization to the privacy area, which was considered only a protected area. Through the revision of the Data 3 Act, laws and systems were established that allow personal information to be freely transferred and utilized under their consent. But, it will be necessary to support the platform that encompasses the entire process from collecting personal information to managing and utilizing it. In this paper, we propose a platform model that can be applied to building mydata ecosystem using personal information. It describes the six essential functional requirements for building MyData platforms and the procedures and methods for implementing them. The six proposed essential features describe consent, sharing/downloading/ receipt of data, data collection and utilization, user authentication, API gateway, and platform services. We also illustrate the case of applying the MyData platform model to real-world, underprivileged mobility support services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.11
• /
• pp.287-294
• /
• 2018

This thesis covers legal aspects of the crypto-currency exchange and the legal rights of crypto-currencies holders. Unlike financial markets in which central authorities or intermediaries determine the validity of transactions and manage records, crypto-currency markets utilize a decentralization system based on block chain technology. Such distinct characteristics distinguish crypto-currency from currency, notes, or financial instruments. Therefore, we need to check closely the legal principles that are applicable to crypto-currency. Crypto-currency users possess rights indirectly through the crypto-currency exchange. However, we should look at whether crypto-currency can be an object of ownership. This research found that legal protection for crypto-currency exchanges are limited. Domestic laws have many shortcomings to protect users' rights. This study found that users who incurred damages due to internet computation errors at exchanges require a protective system like stock markets. Therefore, studies on the legal controls and system regulations are required to protect users' rights. Also, crypto-currency information exchanges keep inside and protections for users' private information need to be further examined.

• The Korean Journal of Air & Space Law and Policy
• /
• v.30 no.2
• /
• pp.337-371
• /
• 2015

In recent years, aviation safety has been facing new hazards due to the rapidly changing environment in which aircraft operation increasingly finds. Continuously increasing air traffic volume, integration of various cultures from many States, and many other changes are the causal factors of the new risks. To identify such new hazards and risks, the government of the Republic of Korea (ROK) established aviation safety reporting systems in accordance with the international standards of the Convention on International Civil Aviation. However, there are some misunderstandings by the government in operating and by the personnel who take part in these reporting systems. Everybody should understand that aviation safety reporting system is not a punitive measure but a tool for collecting data in order to improve safety. In addition, such a system can be utilized further to promote an improved awareness on the need for a proper safety culture on the part of both the government, the industry and the personnel. This paper includes studies on international standards, relevant regulations in the United States and the United Kingdom. Moreover, this paper proposes to the government of ROK several points to improve their own system, including integration of the existing reporting systems, improvement of reporting items, implementation of safety data taxonomy and the establishment of safety data protection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.873-883
• /
• 2017

As Ransomware spreads, the target of the attack shifted from a single personal to organizations which lead attackers to be more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, which is an information protection management system. However, it is difficult for management to make decisions on the loss done by the security issues since amount of the damage done can not be calculated with just ISMS. In this paper, through FAIR-based loss measurement model based on scenario's to identify the extent of damage and calculate the reasonable damages which has been considered to be the problem of the ISMS, we identified losses and risks of Ransomeware on the financial industry and method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.