• Information Systems Review
• /
• v.16 no.3
• /
• pp.179-190
• /
• 2014

Because personal information files held by educational institutions include sensitive information such as personal school affairs information or health information, damages resulted from personal information leakage of educational institutions are expected to be serious. In order to respond to this problem, the Ministry of Education has expanded information security education targeting (personal) information security officers in educational institutions. However, a number of personal information leakage cases of public institutions occurred at educational institutions. Thus, this study, targeting information security education centers, through an empirical research, tries to confirm whether information security education supply is being properly provided for (personal) information security officers in educational institutions, and suggest the appropriate balance between education supply and education demand as the implication for the educational direction of information security education centers.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.311-318
• /
• 2013

It is very important to design security policy and technical framework on sensitive private data in order to protect user privacy in smart grid environment. This paper introduces secret data sharing schemes proposed for privacy protection in smart grid, and presents technical problems of them. The proposed scheme in this paper, reduces the number of rounds in sharing process and also in restoration process, and can select how many databases would be used, so eventually it shows enhancements in terms of efficiency and security.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.131-133
• /
• 2012

오늘날 세계적으로 많은 사용자들이 온라인 소셜 네트워크 서비스(online social network service)를 이용하고 있다. 소셜 네트워크 서비스에서 사용자들은 자신에 대한 정보를 지속적으로 업로드하고 갱신하기 때문에, 기존의 웹사이트에 비해 개개인의 프라이버시를 위협할 수 있는 소지가 더 크다. 본 연구는 사용자 본인의 프로필뿐만 아니라 주변 사용자의 정보에 의해 민감한 정보가 유출될 가능성을 증명하고, 이를 사전에 탐지하는 기법을 제안한다. 또한 실제 사용자에 대한 실험을 통해 제안 기법이 민감한 정보를 사전에 탐지해내는데 효과적임을 보인다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.994-996
• /
• 2012

개인건강기록에서 프라이버시를 보호하기 위한 방안으로 환자의 식별정보를 제거하는 익명화와 식별 정보를 가상의 식별자로 변경하였다가 권한을 가진 사용자가 열람할 수 있게 복원하는 가명화, 그리고 건강기록을 암호화하여 정보를 보호하는 방법들이 연구되어 왔다. 본 논문에서는 용어표현을 위해 국제표준코드를 사용하는 건강기록에서 항목별 정보의 민감도에 따라서 암호화 수준을 달리하여 정보전체를 암호화하는 것 보다 효율적이고 강력한 보안수준을 유지할 수 있는 방법을 제시한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.27-36
• /
• 2009

The leaking of personal information is mostly occurred by internal users. The confidential information such as credit card number can be disclosed or modified by system manager easily. The secure storaging and managing scheme for sensitive data of individual and enterprise is required for distributed data management. The manager owning private data is needed to have a weight which is a right to disclose a private data. For deciding a weight, it is required that system is able to designate the level of user's right. In this paper, we propose the new algorithm named digit-independent algorithm. And we propose a new data management scheme of gathering and processing the data based on digit-independent algorithm. Our sharing and recovering scheme have the efficient computation operation for managing a large quantity of data using weight table. The proposed scheme is able to use for secure e-business data management and storage in ubiquitous computing environment.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.8
• /
• pp.15-23
• /
• 2016

Recently the interest in secondary use of medical information has emerged. But the domestic legislation or guidelines, such as being able to say that already specialize in healthcare information, can be seen a 'national medical privacy guidelines'. However the guidelines have suggested that only a violation of privacy laws in the medical information, it does not defined clearly with respect to protected health information(PHI) for secondary use. In this paper, we learn the HIPAA(Health Insurance Portability and Accountability Act) Privacy Rule of the US legislation which provides a non-identifiable screen instructions for secondary utilization of medical information, domestic guidelines and other country's guidelines. comparing with the HIPAA, national medical privacy guidelines and the domestic studies, we propose a new domestic target non-identifying information suitable for the domestic field and present future research direction.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.99-108
• /
• 2011

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.

• Review of KIISC
• /
• v.19 no.1
• /
• pp.125-133
• /
• 2009

윤택하고 건강한 삶에 대한 인간 본연의 욕구와 급격한 정보화 흐름의 시대적 만남은 보건의료정보 교류를 위한 연구개발을 가속하는 한편, 개인의 가장 민감한 정보인 보건의료정보를 위험으로부터 어떻게 보호할 것인가에 관한 우려 또한 증대시키고 있다. 본 논문에서는 보건의료정보화 현황을 고찰하고 HL7, CCHIT, 그리고 보건복지가족부 등에서 추진 중인 보건의료 분야의 정보보호관리 표준화 동향을 소개하였다.