• Review of KIISC
• /
• v.20 no.1
• /
• pp.74-87
• /
• 2010

우리나라에서 국민식별번호로 사용되고 있는 주민등록번호는 국민을 유일하게 식별할 수 있는 유일식별성과 그로 인한 국민정보 관리편리성으로 인해 오랜 기간 공공 및 민간부문에서 사용되어 왔다. 특히 정보시스템의 일반화되면서 행정기관이나 민간기업들이 서비스 제공에 필요한 국민 또는 고객의 정보를 관리하면서 식별정보로써 그리고 정보들을 연결하는 연결자로써 널리 사용해 왔다. 비록 지금까지 오랜 기간 주민등록번호가 공공 및 민간분야에서 개인식별번호로 널리 사용되어 왔지만, 최근 발생횟수가 증가되고 사회적, 경제적 피해가 심각해지고 있는 주민등록번호 도용과 그에 따른 프라이버시 침해 문제의 심각성을 고려할 때 새로운 체계의 국민식별번호 및 관련 인프라에 대해 연구가 필요한 시점이다. 따라서 본 고에서는 현재 우리나라의 온라인, 오프라인 환경에서 개인식별번호로서 널리 사용 중인 주민등록번호의 보안 및 프라이버시 관점에서의 문제점을 살펴보고 이를 보완할 수 있는 새로운 국민식별번호체계를 제안한다.

• Proceedings of the Korean Association of Geographic Inforamtion Studies Conference
• /
• 2008.10a
• /
• pp.293-296
• /
• 2008

유비쿼터스도시는 기반시설을 지능화하여 효율적으로 도시를 관리하고, 다양한 정보의 융합을 통한 첨단 도시서비스를 제공하는 새로운 개념의 생활공간이다. 유비쿼터스도시에서 활용하는 유비쿼터스정보기술은 언제, 어디서나 편리하게 유용한 정보를 제공하는 이점이 있다. 그러나 첨단화된 컴퓨팅 기술로 말미암아 도시민들이 인식하지 못하는 사이에 정보의 유통 활용이 이루어짐으로써, 다양한 정보를 어떻게 보호할 것인지에 대한 문제가 이슈로 대두되고 있다. 또한 유비쿼터스도시 통합운영센터로의 정보 집중으로 인한 정보유출 또는 정보침해 방지 대책이 주요 이슈로 등장하게 되었다. 본 연구에서는 개인정보의 유출에 대한 원인을 다각도에서 분석하였다. '유비쿼터스도시 정보보호 기반조성'이라는 기본방향 아래 '개인정보보호를 통한 삶의 질 향상'을 목표로 하였다. '정보보호를 위한 체계 수립', '유비쿼터스사회에 대비한 정보보호 기반 조성', '정보보호 모델개발 및 지원', '시민이 참여하는 정책수립'을 추진전략으로 수립하였으며 이를 실천하기 위한 주요 추진과제들을 제시하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.721-737
• /
• 2014

The Resident Registration Number(RRN) system has been effectively acted as a national identification system since it was enforced. On the other hand, there are some problems such as leakages of personal informations including RRNs on a large scale and each RRN makes a pair with each person in all areas of the society. Nevertheless leakages of them might cause a big damage, there is no radical countermeasure for they are never changed in actual fact. In Republic of Korea, a RRN acts as a primary key of a database, so it has to be protected by severing the connectivity between leaked RRNs and the other personal data. In this paper, the Unconnected Random Personal Identification Number system is proposed for preventing damage of data spills by removing a dependency which the RRN has. Furthermore, this paper suggests the solutions against some potential issues in the system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.165-167
• /
• 2023

정부에서는 내·외부 사이버 보안 위협 고도화에 대한 실질적이고 효과적인 대응을 위해 정보보호관리체계(Information Security Management; 이하 ISMS) 인증에 대한 법령을 시행하고 있다. ISMS 인증은 컨설팅과 인증심사를 분리하여 독립성을 확보하였으며, 현장심사 비중을 높여 기존 문서심사에 치중되었던 인증·평가제도와의 차별화를 통해 실효성을 증진시켰다. 그러나 최근 ISMS 인증을 받은 대상자임에도 불구하고 개인정보 정보유출 사고, 대규모 서비스 장애가 유발됨으로써, 다시금 ISMS 인증의 실효성 문제가 제기되고 있다. 현재 제기되고 있는 문제의 요인은 인증기준에 적합한 최소한의 요구사항만 심사·심의하는 ISMS 인증의 한계점에 기인한다. 본 논문에서는 이와 같은 ISMS 인증의 실효적 한계점을 개선하고 인증취득 대상자의 실질적 보안역량 강화시키기 위하여 성숙도 평가모델에 기반한 ISMS 인증제도 운영 방안을 제언한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.157-164
• /
• 2006

Information is playing a key role in sufficing the needs of individual members of the society in today's rapidly changing environment. Especially, the cases of illegal gathering of privacy information will increase and the leakage of privacy information will grow as the individual activities in the ubiquitous computing environment. In this paper, we suggested the privacy framework in order to make design and implementation of secure and effective privacy management system. Ant we also introduced the methodology which is represent to 5 specific stages in order to suggest to the privacy system development guideline from the standpoints of the privacy system operator or developer. Especially, we tried to determine whether the suggested methodology can be effectively used in the real computing environment or not by making necessary investments in management (privacy policy) and technical (system architecture) sides. We believe that the privacy framework and methodology introduced in this research can be utilized to suggest new approach for showing direction from the privacy protection perspective, which is becoming more important in ubiquitous environments, and practical application rather than providing conceptual explanation from the views of engineer or developer.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.3
• /
• pp.19-26
• /
• 2023

Critical information infrastructure designations for cloud service providers continue to spread around the world as energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of clouds between domestic and global, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors on hyperscale scale. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with ISO/IEC 27001 and SOC(System and Organization Control) security international standards.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.49-58
• /
• 2022

As military service members are fully permitted to use mobile phones for sickness after work, it is time to minimize the direct collection of personal information from telecommunication companies when opening mobile phones to secure the safety of military service personnel's personal information. Prior to introducing the use of mobile phones by soldiers after work, the Ministry of National Defense established a security control system such as blocking the mobile phone shooting function to prevent security accidents and concerns about some adverse functions such as illegal cyber gambling, game addiction, and viewing pornography. come. Mobile telecommunications companies entrust personal information processing tasks, such as opening mobile phones, to telecommunications agencies and carry out management and supervision, such as checking the status of personal information protection measures. When a military service member opens a mobile phone, a personal information management agency is newly established using the right to portability of personal information, and a system for requesting the transmission of personal information from the military service member is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.391-400
• /
• 2012

This study focused on the role of the center for private information, which can manage and share the personal data from data breach incidents. Especially, this study addresses on the importance of establishing information management systems for preventing secondary misappropriation of breached personal data and private information. The database of breached personal data can be used for reducing privacy worries of potential victims of secondary misuse of personal data. Individuals who use the same IDs and passwords on multiple websites may find this service more effective and necessary. The effectiveness of this breached data center on reducing secondary privacy infringement may differ depending on the extend of data being shared and the conditions of data submission. When businesses experienced data breach and submission of data to this center is required by the law, the accuracy and effectiveness of this service can be enhanced. In addition, centralized database with high quality data set can increase matching for private information and control the secondary misappropriation of personal data or private information better.

• Journal of Convergence for Information Technology
• /
• v.8 no.1
• /
• pp.179-185
• /
• 2018

Big Data is strictly positioning one of method to deal with problems faced with mankind, not an icon of revolution in future anymore. Application of Big Data and protection of personal information have contradictoriness. When we weight more to usage of Big Data, someone's privacy is necessarily invaded. otherwise, we care more about keeping safe of individual information, only low-level of research using Big Data can be used to accomplish public purpose. In this study, we propose a method to anonymize Big Data collected in order to investigate the problems of personal information infringement and utilize Big Data and protect personal. This will solve the problem of personal information infringement as well as utilizing Big Data.

• Review of KIISC
• /
• v.19 no.1
• /
• pp.125-133
• /
• 2009

윤택하고 건강한 삶에 대한 인간 본연의 욕구와 급격한 정보화 흐름의 시대적 만남은 보건의료정보 교류를 위한 연구개발을 가속하는 한편, 개인의 가장 민감한 정보인 보건의료정보를 위험으로부터 어떻게 보호할 것인가에 관한 우려 또한 증대시키고 있다. 본 논문에서는 보건의료정보화 현황을 고찰하고 HL7, CCHIT, 그리고 보건복지가족부 등에서 추진 중인 보건의료 분야의 정보보호관리 표준화 동향을 소개하였다.