• The Journal of Information Systems
• /
• v.27 no.1
• /
• pp.171-191
• /
• 2018

Purpose Corporate technology leakage is not only monetary loss, but also has a negative impact on the corporate image and further deteriorates sustainable growth. In particular, since SMEs are highly dependent on core technologies compared to large corporations, loss of technology leakage threatens corporate survival. Therefore, it is important for SMEs to "prevent and protect technology leakage". With the recent development of data analysis technology and the opening of public data, it has become possible to discover and proactively detect companies with a high probability of technology leakage based on actual company data. In this study, we try to construct profiles of enterprises with and without technology leakage experience through profiling analysis using data mining techniques. Furthermore, based on this, we propose a classification model that distinguishes companies that are likely to leak technology. Design/methodology/approach This study tries to develop the empirical model for prevention and protection of technology leakage through profiling method which analyzes each SME from the viewpoint of individual. Based on the previous research, we tried to classify many characteristics of SMEs into six categories and to identify the factors influencing the technology leakage of SMEs from the enterprise point of view. Specifically, we divided the 29 SME characteristics into the following six categories: 'firm characteristics', 'organizational characteristics', 'technical characteristics', 'relational characteristics', 'financial characteristics', and 'enterprise core competencies'. Each characteristic was extracted from the questionnaire data of 'Survey of Small and Medium Enterprises Technology' carried out annually by the Government of the Republic of Korea. Since the number of SMEs with experience of technology leakage in questionnaire data was significantly smaller than the other, we made a 1: 1 correspondence with each sample through mixed sampling. We conducted profiling of companies with and without technology leakage experience using decision-tree technique for research data, and derived meaningful variables that can distinguish the two. Then, empirical model for prevention and protection of technology leakage was developed through discriminant analysis and logistic regression analysis. Findings Profiling analysis shows that technology novelty, enterprise technology group, number of intellectual property registrations, product life cycle, technology development infrastructure level(absence of dedicated organization), enterprise core competency(design) and enterprise core competency(process design) help us find SME's technology leakage. We developed the two empirical model for prevention and protection of technology leakage in SMEs using discriminant analysis and logistic regression analysis, and each hit ratio is 65%(discriminant analysis) and 67%(logistic regression analysis).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.37 no.2
• /
• pp.77-84
• /
• 2014

The purpose of this research is to identify and develop technology protection plans for small and medium-sized enterprises (SMEs) by analyzing past technology leakage patterns which were experienced by SMEs. We identified factors which affect the technology leakage, and analyzed patterns of the influences using a data mining algorithms. A decision tree analysis showed several significant factors which lead to technology leakage, so we conclude that preemptive actions must be put in place for prevention. We expect that this research will contribute to determining the priority of activities necessary to prevent technology leakage accidents in Korean SMEs. We expect that this research will help SMEs to determine the priority of preemptive actions necessary to prevent technology leakage accidents within their respective companies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• The Journal of Society for e-Business Studies
• /
• v.19 no.3
• /
• pp.65-89
• /
• 2014

Although many studies have focused on the influences and outcomes of personal information leakage, few studies have investigated how the personal information leakage prevention behavior differs depending on internet user. This study attempts to supplement the existing studies' limitations with the use of risk perception attitude (RPA) framework. More specifically, this study tries to show internet user can be classified into four groups based on perceived risk of personal information leakage and efficacy beliefs of personal information protection, and to identify how the groups differ in terms of motivation, information seeking, and behaviors for privacy leakage prevention. Analysis on survey data from 276 internet users reveals that the users can be classified into responsive, avoidance, proactive, indifference groups. Furthermore, there are differences between groups in terms of motivation, information seeking, and behaviors for personal information leakage prevention. This study contributes to expand existing literature by providing tailored guidelines for implementation of personal information protection strategies and policy.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.1-10
• /
• 2015

The main objective of this study was to identify the factors that can maximize the effect of preventing technology leakage by government support. Therefore we used the 2013 small business technology protection capabilities and level of research which is conducted by the Small and Medium Business Administration, and have analyzed the presence of small business technological assets leakage protection eand skills. Multiple logistic regression analysis was performed to identify 1,518 small companies (43 big companies are excluded) which are divided into 155 technological assets leaked small business and non-leaked 1363 small business. The most important factors associated with technology leakage were entrant control system, security audit, employee absence of security activities and important data protection measures. This result shows that if the government can support more for these details, technological asset leakage prevention effect is expected to be maximized.

• Journal of Information Technology Applications and Management
• /
• v.16 no.4
• /
• pp.79-92
• /
• 2009

With the rising reliance on market estimation through customer analysis in customer-centered marketing, there is a rapid increase in the amount of personal data owned by corporations. There has been a corresponding rise in the customers' interest in personal information protection, and the problem of personal information leakage has risen as a serious issue. The purpose of this research is to develop a diagnosis model for personal information protection that is suited to our country's corporate environment, and on this basis, to present diagnostic instruments that can be applied to domestic corporations. This diagnosis model is a structural equation model that schematizes the degree of synthetic effect that administration factors and estimation items have on the protection of personal information owned by corporations. We develop the model- consisting of the administration factors for personal information protection and the measurement items of each factor- using the development method of standardized structural equation model. We then present a tool through which the administration factors and estimation items verified through this model can be used in the diagnosis for personal information protection in corporations. This diagnostic tool can be utilized as a useful instrument to prevent in advance the leakage of personal information in corporations.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.121-126
• /
• 2018

The development of modern ICT and network technologies has made the business environment smart.and under such circumstances, a great deal of data is being generated, stored and used. The important information that becomes an energy source for corporate management creates economic profit and value and is also utilized as a basis for strong influence. Therefore, important information must ensure its availability and convenience while ensuring confidentiality and integrity, which is the basic objective of information protection. However, most companies are seeing more and more incidents of serious damage due to the leakage of important internal information. In this study, we deal with the Data Loss Prevention (DLP) technologies and solutions to prevent internal information leakage and establish stable data security and information protection management.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.1
• /
• pp.71-81
• /
• 2009

To the cause of the development of IT technology and the Internet, information leakage of industry is also facing a serious situation. However, most of the existing techniques to prevent leakage of information disclosure after finding the cause of defense. Therefore, in this paper by adding information about the Hardware to offer a way to protect the information. User authentication information to access the data according to different security policies to reflect a little more to strengthen security. And the security agent for the data by using a log of all actions by the record was so easy to analyze. It also analyzes and apply the different scenarios possible. And the analysis of how to implement and how to block. The future without the use of security agents to be able to control access to data and H/W information will be updated for the study will be done.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.11
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.