• Title/Summary/Keyword: security law

Study on the Association between Personal Information Protection Legislation and Information Security Product (개인정보보호 관련 법령의 내용과 보안제품 분포간의 연관성 분석)

  • Kim, Min-Jeong;Lee, Jung Won;Yoo, Jinho
    • Journal of the Korea Institute of Information Security & Cryptology, v.25 no.6, pp.1549-1560, 2015
  • For the past few years, personal information breach incidents, great and small, have occurred constantly. Accordingly, the Personal Information Protection related Ordinances are persistently enacted and amended, and information security products also keep advancing and developing in the same way. There are certification systems for information security products, such as the Common Criteria Evaluation and Validation (CC) and the Korea Cryptographic Module Validation Program (KCMVP). These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in terms of technical protection measures by using key words. The 5 related ordinances are: 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation (CC) and the products that are now produced at KISIA's member companies.

Legal examination of personal information disclosure system of administrative (행정상 인적사항공개제도에 대한 법률적 검토)

  • Ryu, Gi Hwan;Shin, Mi Ae
    • Convergence Security Journal, v.16 no.6_2, pp.89-97, 2016
  • Disclosure of personal information, carried out as one form of administrative publicity, means that an administrative agency discloses specific information about a person who has violated an obligation imposed by law to an unspecified number of people, directly or through Internet media, so that they come to know of it. It is a means of indirect sanction: it adds psychological pressure by exposing to an unspecified number of people the personal information of the person in breach and the fact of the breach of duty, so that the person fulfils the obligation. However, such publication of personal information raises not only legal problems, namely infringement of the moral rights that the Constitution guarantees to an individual and of the right to self-determination of personal information, but also continuing doubts about the effectiveness of the system. Accordingly, this paper discusses the legal issues with the administrative disclosure of personal information and measures for its improvement, and is expected to be of use for the efficient development of the personal information disclosure system in the future.

Legal System of Autonomous Driving Automobile and Status of Autonomous Driving Automobile Laws at Home and Abroad (자율주행자동차의 법률체계와 국내외 자율주행자동차 법제 현황 -산업 활성화를 중심으로-)

  • An, Myeonggu;Park, Yongsuk
    • Convergence Security Journal, v.18 no.4, pp.53-61, 2018
  • Recently the era of the 4th Industrial Revolution has arrived, and autonomous vehicles are attracting huge attention for their commercialization as well as their development. To this end, many countries such as the US, UK and Germany are looking into laws and policies related to autonomous vehicles, making new legal systems, laws and policies or at least modifying the existing ones. Korea is also facing the commercialization and development of autonomous vehicles, yet its legal system, laws and policies are far behind those of advanced countries. This paper details a comparison of the current legal systems of several countries, setting out their differences and characteristics, for the purpose of the success of the autonomous vehicle industry. On top of that, we suggest a new legal system, laws and policies and then provide directions as steps for mature implementation. In addition, we discuss how the new laws and policies can bring about successful commercialization as well as industrial success of autonomous vehicles from the points of view of consumers, vehicle makers, insurance companies, and government.

A Study on Financial IT Security Compliance Framework (금융 IT보안 컴플라이언스 프레임워크 연구)

  • Kim, Tae-Hee;Kim, Young-Tae;Sung, Jae-Mo
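    • Proceedings of the Korea Information Processing Society Conference, 2011.04a, pp.893-896, 2011
  • Companies invest considerable time and money each time to satisfy the information security requirements contained in newly changing laws and standards. In addition, because companies use internal compliance policies and systems that they developed themselves, it is difficult for them to comply by collaborating across different organizations within the company whenever the various laws and standards change. As long as the contents of the relevant laws and standards keep changing, time and resources are repeatedly invested in compliance, so enormous costs are inevitably incurred. Therefore, this paper proposes a financial IT security compliance framework that improves the compliance systems of financial institutions and allows them to be managed efficiently.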

Analysis of Memory Security Vulnerability in Autonomous Vehicles (자율주행차 메모리 보안 취약점 분석)

  • Seok-Hyun Hong;Tae-Wook Kim;Jae-Won Baek;Yeong-Pil Cho
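    • Proceedings of the Korea Information Processing Society Conference, 2023.05a, pp.116-118, 2023
  • This paper covers the advantages that autonomous vehicles offer, such as new markets and competitiveness, savings in manpower and time, and relief of traffic congestion, and the technical requirements for autonomous vehicles under the UN cybersecurity legislation must be complied with. However, complying with the technical requirements for autonomous vehicles cannot prevent every cyber attack. The paper covers the legal requirements for autonomous vehicles and ways to respond to cybersecurity threats. In particular, it analyzes the rowhammer attack technique against DRAM (Dynamic Random Access Memory), which can be very dangerous to real-time systems such as an RTOS (Real Time OS), and presents security measures against rowhammer. It also introduces hardware-based and software-based defense techniques for ensuring the safety and reliability of autonomous driving systems.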

A Study on Streamlining the Legal Framework for the Efficient Management of Protection and Security of the Government Complexes (정부청사의 효율적 방호·보안관리를 위한 법령체계 정비방안에 대한 소고)

  • Shin, Hyeong-Seok
    • Korean Security Journal, no.61, pp.39-57, 2019
  • The executive authority of the Ministry of Public Administration and Security on the 'management of security of the government complexes' is not sufficiently secured only with the organization law, the Government Organization Act. It is necessary to establish an administrative actions law, an individual law that stipulates the detailed contents and limitations of the executive authority. The current regulation, the Regulation on the Management of the Government Complexes, which is a Presidential Decree, is a legal decree that lacks a legal basis. The decree does not match the current constitutional framework and raises the issue of its legality. The regulation may have the characteristics of a public property management law insofar as it stipulates such matters as supply and maintenance management for the complexes, acquisition and disposition of complexes, facilities management of complexes, etc. However, the regulation includes high authority actions by an administrative organization, such as facilities security and order maintenance including restriction and control of access. This gives the regulation the characteristics of a public property policy act as well. To supplement the legal framework for this situation, it is necessary to raise some of the provisions relating to protection and security management to the level of an act, as they stipulate high authority actions by an administrative organization. Other matters in the Regulation on the Management of the Government Complexes, such as provisions relating to supply and allocation of complexes, etc., may be maintained as they are. In addition, the protection officers (general service officials) do not own legal authority and have limitations on securing the capability to deal with situations when implementing the on-site protection duty. Therefore, the protection officers need to secure protection duty-related authority by having it stipulated in a law. The main contents of the law on the protection and security of the government complexes may be those matters subject to legal reservations on the implementation of laws. These may include the limitation of rights of and charging obligations on the people such as restricting the actions of personnel in the complex, rights and obligations of protection personnel relating to their duties, use of weapons, training of protection personnel, penal provisions, etc. These legal reservations should be included in an individual act.

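A Study on the Use of Personal Information in the Financial Sector and IT Compliance Measures Following the Enforcement of the Personal Information Protection Act (금융권 개인정보 활용 실태와 개인정보보호법 시행에 따른 IT컴플라이언스 준수방안 연구)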

  • Lee, Byeong-Su;Hwang, Ji-Sang;Hwang, Dong-Uk;Choi, Bong-Chul;Hong, Yong-Jin
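    • Review of KIISC, v.23 no.1, pp.35-43, 2013
  • About 304 financial companies in Korea provide financial and insurance products and services, and a recent Financial Supervisory Service inspection of how consent forms for the collection, use and provision of personal information are operated at the 304 domestic financial companies (39 life and non-life insurers) found problems at a total of 49 financial companies. The Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., as amended on February 17, 2012, restricts the use of resident registration numbers except for identity verification agencies, cases where statutes separately provide for their collection and use, and cases announced by the Korea Communications Commission. From the perspective of the amended domestic information protection laws, this study examines how financial companies currently use personal information and the resulting state of security, and proposes measures, such as a methodology for personal information substitution and management, that can achieve legal IT compliance in line with those results and satisfy the relevant laws and corporate social responsibility (CSR).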

A Legal Study on the Countermeasures against Explosive Terrorism in the Airport Land-side: Case of Korea Airport (공항 Land-side에서의 폭발물 테러방지를 위한 법률적 연구: 한국공항을 중심으로)

  • Jeong Jin-Man;Shin Dong-Il
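    • Proceedings of the Korean Society of Disaster Information Conference, 2022.10a, pp.407-411, 2022
  • Of all airport facilities, the landside is where security is weakest. In the days when aircraft terrorism was frequent, the level of screening technology, including X-ray, was not high, so there was much damage from hijacking and explosives. Of course, even today, with more advanced technology, terrorism such as hijacking and aircraft bombing still occurs, but it has decreased considerably compared with before the 9/11 attacks. Recently, security needs to be strengthened on the landside, where security is relatively weak, rather than on the airside, where the security level is high. The reason is that the type of terrorism is changing to methods that inflict maximum damage and maximum fear with no room for negotiation. Accordingly, the landside, which is relatively less burdensome and has a large floating population, has become a soft target. In this situation, this study examines, with a focus on the relevant laws, how airports in the Republic of Korea should respond.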

Mobile Auto questions and scoring system (국가 사이버안보 시스템 관련 법률안 분석과 연구)

  • Nam, Won-Hee;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2014.10a, pp.363-365, 2014
  • Internet banking, e-commerce, business processing, etc. can be handled on a smartphone these days. The ambiguity between cyber and real life has created vulnerabilities in infrastructure, government services and national security to cyber terrorism. In particular, much of the infrastructure and many government services based on information technology have been exposed by cyber terror. The legal system should be improved to guard against these threats. This paper sets out the need for a cyber legal system by analyzing the cyber-related bills proposed in the Korean National Assembly and the issues of a Cyber Control Tower, the national cyber security industry and human resources.

Measures to Use Logistics Policy to Activate the Known Shipper System in Korea (우리나라 상용화주제 활성화를 위한 물류정책 활용 방안)

  • Kwak, Bong-Hwan;Kang, Dong-Yoon
    • Journal of Digital Convergence, v.11 no.4, pp.139-145, 2013
  • This study examines the logistics policy and system for activating the air freight known shipper system in Korea in order to suggest how to use the system necessary to convert and expand common shippers into known shippers. Even though "The Act on Aviation Safety and Security" and "Air Freight Security Criteria for Known Shippers" were revised in 2012 and 2011 respectively, the purpose was to regulate procedures to control aviation safety and security and also air freight security, so the revisions do not include any measures to activate the known shipper system. Therefore, to activate the known shipper system, this study suggests measures to use the logistics security support system of "The Fundamental Law on Logistics Policy" revised in 2012, the logistics cooperation system, and consulting support as well.