• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.33-51
• /
• 2011

This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting web survey, 194 of 207 questionnaires were available. The test of causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. the results of hypotheses tests showed that seven ones of eight hypotheses could be accepted. The theoretical implications of this study are as follows : 1) this study is expected to play a role of baseline for future research about employee compliance with the information security policy, 2) this study attempted interdisciplinary approach through combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through comprehensive theoretical review. Also, this study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for implement of information system security policies in organizations. Second, it is proved that the need for conducting education and training program suppressing employees. neutralization psychology to violate information security policy should be emphasized in the organizations.

• Information Systems Review
• /
• v.18 no.2
• /
• pp.127-149
• /
• 2016

Based on a comprehensive literature review on Theory of Planned Behavior and Social Cognitive Theory, this study proposes and empirically examines a structural model consisting of factors affecting voluntary information security compliance behavior. To test the proposed research model, the study analyzes survey results from employees of a major Korean energy company, which employs an enterprise compliance support system. Results indicate three factors: compliance behavioral belief and compliance knowledge affect compliance behavior; compliance knowledge works as a mediator in the relationship between compliance behavioral belief and compliance behavior; and the more relevant the compliance is to an employee's job, the more the employee prioritizes compliance knowledge. This study suggests methods for encouraging employees to embrace voluntary, positive information security compliance standards. By doing so, this article aims to promote a more effective corporate compliance system for information security and enhance sustainable management practices.

• Journal of The Korean Association of Information Education
• /
• v.18 no.1
• /
• pp.143-149
• /
• 2014

We study the level on the knowledge, attitudes, and practice of primary school (grades 3-6 students ) for the safe use of smart devices, and identify student status for the safe use of smart devices, and suggests ways of appropriate data collection, analyzing of data. Through this research, for the safe use of smart devices in education showed that the effect is very insignificant and the knowledge and practice of smart devices are widely recognized. We will suggests the suitable education contents for the smart devices safe use for primary school students. These education will be made up of 'smart devices safety using' and we will expect that primary students will be able to cultivate the 'smart devices security awareness'.

• The Journal of the Korea Contents Association
• /
• v.6 no.9
• /
• pp.85-97
• /
• 2006

Schemes to case analysis and cope with on-line game crimes net supervision system, a real name confirmation process, and a self-examination system to check by themselves if they are addicted to on-line games with a view to prevent the addiction. In addition, this study found that general precuations should comprise measures to change the awareness of the users of the internet and to establish their ethical senses because most on-line garners are not aware that their actions are a crime and believe their crimes are not disclosed to the outsiders.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.71-77
• /
• 2012

Along with the development of Internet services such as Social Network Service (SNS) and blog Service, the privacy is very important in these services. But personal data is not safety from exposure to internet service. If personal data is leak out, the privacy is disclosed to hacker or illegal person and the personal information can be used in a cyber crime as phishing attacks. Therefore, the model and method that protects to disclose privacy is requested in SNS and blog services. The model must evaluate degree of exposure to protect privacy and the method protects personal information from Internet services. This paper proposes a model to evaluate risk for privacy with property of personal data and exposure level of internet service such as bulletin board. Also, we show a method using degree of risk to evaluate with a proposed model at bulletin board.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• 정보보호뉴스
• /
• s.136
• /
• pp.22-25
• /
• 2009

사단법인 한국침해사고대응팀협의회(CONCERT) 사무국은 지난 1월 4일부터 23일까지 3주간에 걸쳐 CONCERT 396개 회원사 중 125개 정회원사를 대상으로 '2009년도 기업 정보보호 이슈'에 대한 조사를 실시했다. CONCERT의 정회원사는 현재 보안전담팀이 구축.운영되고 있는 기업 및 기관, 즉 기업 정보보호에 있어 그들만의 뚜렷한 의식을 지니고 있는 곳을 의미하기에, 이들을 대상으로 한 설문결과는 사실상 우리나라 기업 정보보호의 방향성을 제시한다고 해도 과언이 아니다. 매년 그렇듯이 CONCERT FORECAST 보고서는 제품/서비스 공급자나 학계 등의 의견이 아닌 순수 유저들의 입장에서 기업 실무와 직접적으로 연관된 이슈들만을 추려냈다는 점에서 타 전망자료들과는 그 궤를 달리하며, 그렇기에 기업 실무자의 입장에서는 가장 흥미롭고 유용한 참고자료로 사용될 수 있다. 기업 정보보호 담당자들의 현실적인 고민들이 듬뿍 묻어있는 금번 조사결과를 소개한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.655-663
• /
• 2018

As digitalization accelerates, the use of digital information is increasing in public institutions such as schools and libraries, and the demand for print services is also increasing. Among many services, printing service on public PCs should charge fee to printer users, but it is a very difficult task for administrators. Print management solutions have been developed and are now widely used to automate these demanding tasks. In this paper, we analyze the vulnerability of printer management solutions used in public institutions. However, the security awareness of public PC administrators and printer management solution developers seem to be lacking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1483-1490
• /
• 2017

Wearable devices need a host device to be paired with because of connectivity, functionality and ease personalization. There should be frequent update and backup processes between the paired devices even without user's consciousness. Due to pairing process, user-specific data are copied from smartphone and transferred to paired smartwatch. We focus on what happens in smartwatch because of pairing process. We perform an experiment study by observing and extracting data from smartwatch under real world usage phases. With a survey of user awareness on smartwatch regarding security and privacy, moreover, we suggest risk assessment on smartwatch in five levels, particularly considering pairing process based on security and privacy.