• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1083-1095
• /
• 2021

With the recent increase in users' dependence on the Internet and the spread of various IT devices, the influence of information security on the users' has expanded compared to the past. Therefore, it is expected to have an increased influence on information security in personal life. In addition, as the intrusion factors that threaten security continue to become more advanced and diversified (eg., fake news, cyberbullying, identity theft), the need for nurturing information security experts is increasing. Furthermore, not only corporate information security workers, but also all individuals, cannot be free from the threat of information security. Therefore, it is necessary to prepare various information security education to improve information security awareness and induce proactive information security behaviors. In this study, characteristics of domestic and foreign information security education courses are analyzed and provide a standardized framework for information security education applicable to the domestic environment.

• Informatization Policy
• /
• v.20 no.3
• /
• pp.63-85
• /
• 2013

Drawing on Protection Motivation Theory(PMT), this study attempts to clarify antecedents that influence the intention to protect individuals' privacy on the Internet. Protection motivation forms through individuals' cognitive appeal involving threat and efficacy. Then protection motivation causes privacy behavioral change. Protection motivation factors are established privacy trust and privacy risk, which are related to privacy attitude and belief. This proposed model is empirically analyzed by utilizing structural equation analysis(SEM). According to the result of the empirical analysis, it is founded that almost paths have statistically significant explanatory power except path from efficacy to privacy risk and path from privacy trust to privacy behavioral intention. This study shows powerful evidence of antecedent factors based on protection motivation of individuals' privacy behavioral intention in online environment.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.38-58
• /
• 2016

The ever-evolving Internet environment along with changes in the mass media has been creating a new way of communicating in the virtual cyber world. The Internet users have more services at their disposal to communicate with ease. Such a new way of communication styles, however, makes them vulnerable to personal information leakage, increasing the concerns of cyber security. A thorny issue is how we can control the disclosure of personal information. Lately, the Korean government implemented privacy policies to resolve and prevent personal information leakage incidents that incur social problems. Here, we seek to identify problems in the privacy policies for better solutions.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.2
• /
• pp.492-497
• /
• 2019

This study analysed the legal concept of personal information(PI), which was not differentiated from behavioral information, and established it clearly for invigorating online targeted advertising(OTA), which draw attention in big data era; by selecting Guidelines of Assessment of Data Breach Incident Factors and Guidelines of Measures for No-Identifying Personal Information based on Personal Information Protection Act(PIPA) and Enforcement Decree of the PIPA. As a result, PI was defined as any kind of information relating to (1)a living individual(not group, corporate body or things etc.); (2)makes possibly identify the individual by his or her identifiers such as name, resident registration number, image, etc. (not included if not identify the individual); and (3)including information like attribute values which makes possibly identify any specific individual, if not by itself, but combined with other information which can be actually collected and combined). Specifically, PI includes basic, proper distinguishable, sensitive and other PI. It is suggested that PI concept should be researched continually with digital technology development; the effectiveness of the Guidelines of PI Protection in OTA, the legal principles of PI protection from not only users' but business operators' perspectives and the differentiation between PI and behavioral information in OTA should be researched.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.665-679
• /
• 2018

With the development of information and communication technology, especially wireless Internet technology and the spread of smart phones, digital data has increased. As a result, privacy issues which concerns about exposure of personal sensitive information are increasing. In this paper, we analyze the privacy vulnerability of online big data in domestic internet environment, especially focusing on portal service, and propose a measure to evaluate the possibility of privacy violation. For this purpose, we collected about 50 million user posts from the potal service contents and extracted the personal information. we find that potal service user can be identified by the extracted personal information even though the user id is partially anonymized. In addition, we proposed a risk measurement evaluation method that reflects the possibility of personal information linkage between service using partial anonymized ID and personal information exposure level.

• Review of KIISC
• /
• v.18 no.3
• /
• pp.48-52
• /
• 2008

인터넷 사용의 증가와 함께, 일반인들의 악성 코드 혹은 악의적인 해킹에 대한 피해가 날로 증가해 가고 있다. 특히 과거 인터넷이 연결되어 있던 특정 서버만을 대강으로 삼았던 공격들이, 지금은 인터넷에 연결되어 있는 일반 개인 사용자들의 애플리케이션 취약점을 이용한 공격들로 확대되고 있다. 특히 우리나라의 경우, 매우 급속한 인터넷 사용자들이 증가하고 온라인 상에서의 쇼핑과 게임 커뮤니티 활동이 매우 활발히 이뤄지고 있어, 인터넷을 이용한 해킹에 매우 많이 노출되어 있다. 본 글에서는 개인 사용자들의 대다수 PC에서 사용되는 애플리케이션인 온라인 게임 프로그램 및 웹 브라우저에서의 취약점들과 해킹 유형에 대하여 살펴본다.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.1-17
• /
• 2018

Recently, most online firms are trying to provide personalized services based on customer's data. However, customers are reluctant to give their information to online firm because of concerns about data breach. Online firms are seeking to increase their trust by ensuring the protection of personal information for customers through privacy seal (e.g. e-privacy) or data breach insurance. This research examines the effects of privacy assurance(i.e. privacy seal, data breach insurance) on consumer behavior in online environment. An experiment based on the hypothetical scenario was conducted using a between-subjects 2 (type of privacy assurance) + 1 (control) design. We found that both privacy seal and data breach insurance increased perceived privacy trust. In addition, privacy seal has a positive effect on the intention to provide personal information through perceived privacy trust. Finally, in the case of the group with a high (low) disposition to trust, higher perceived privacy trust is formed through privacy seal (data breach insurance). Theoretical and practical implications are discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.129-139
• /
• 2011

Recently by the privacy & data security law, when a user registers the online membership, we need to take action to check a progress of identification without resident registration number. On the most of websites, I-PIN is used by identification instead of the resident registration number. However, I-PIN causes dangerous situations if someone steals the ID and a password, the personal data can be easy to exposure. In this paper, we propose the OTP, which can solve all these problems by guaranteeing the identification of unlinkability. This type of method would help the process of membership registration without fixed data like ID and a password in online so it would be very useful to security of private data.

• Information Systems Review
• /
• v.25 no.4
• /
• pp.233-248
• /
• 2023

The increasing integration of intelligent information technologies within organizational systems has amplified the risk to personal information security. This escalation, in turn, has fueled growing apprehension about an organization's capabilities in safeguarding user data. While Internet users adopt a multifaceted approach in assessing a company's information security, existing research on the multiple dimensions of information security is decidedly sparse. Moreover, there is a conspicuous gap in investigations exploring whether users' evaluations of organizational information security differ across industry types. With an aim to bridge these gaps, our study strives to identify which information security attributes users perceive as most critical and to delve deeper into potential variations in these attributes across different industry sectors. To this end, we conducted a structured survey involving 498 users and utilized the analytic hierarchy process (AHP) to determine the relative significance of various information security attributes. Our results indicate that users place the greatest importance on the technological dimension of information security, followed closely by transparency. In the technological arena, banks and domestic portal providers earned high ratings, while for transparency, banks and governmental agencies stood out. Contrarily, social media providers received the lowest evaluations in both domains. By introducing a multidimensional model of information security attributes and highlighting the relative importance of each in the realm of information security research, this study provides a significant theoretical contribution. Moreover, the practical implications are noteworthy: our findings serve as a foundational resource for Internet service companies to discern the security attributes that demand their attention, thereby facilitating an enhancement of their information security measures.

• Review of KIISC
• /
• v.24 no.3
• /
• pp.21-26
• /
• 2014

페이스북 등과 같은 소셜 네트워크 서비스 (SNS: Social Network Service)가 개인 정보 공유 및 타인과의 커뮤니케이션에 빈번하게 이용됨에 따라서, 소셜 네트워크 서비스에서 사이버 스토킹이 중요한 문제가 되고 있다. 그러나, 지금까지는 온라인 소셜 네트워크 서비스에서의 사이버 스토킹 행위를 이해하기 위한 연구가 다소 부족한 상황이다. 본 논문에서는 페이스북 사용자들의 사이버 스토킹 행위를 보다 더 잘 이해하기 위하여 온라인 설문조사를 수행하였다. 본 논문의 결과는 사이버스토킹에서 (1) 주로 대상이 되는 콘텐츠(예: 개인 사진)가 무엇인지, (2) 어떤 그룹이 주로 스토킹의 대상이 되는지를 보여준다. 본 논문은 이러한 결과 관찰을 통하여 어떻게 온라인에서 사용자 프라이버시를 보호할 수 있는지를 검토한다.