• Smart Media Journal
• /
• v.10 no.2
• /
• pp.84-91
• /
• 2021

In the EU GDPR, when collecting personal information, the right of the information subject(user) to consent or refuse is given the highest priority. Therefore, the information subject must be able to withdraw consent and be forgotten and claim the right at any time. Especially, restricted IoT devices(Constrained Node) implement the function of consent of the data subject regarding the collection and processing of privacy data, and it is very difficult to post the utilization content of the collected information. In this paper, we designed and implemented a management system that allows data subjects to monitor data collected and processed from IoT devices, recognize information leakage problems, connect, and control devices. Taking into account the common information of the standard OCF(Open Connectivity Foundation) of IoT devices and AllJoyn, a device connection framework, 10 meta-data for information protection were defined, and this was named DPD (Data Protection Descriptor). we developed DPM (Data Protection Manager), a software that allows information subjects to manage information based on DPD.

• The KIPS Transactions:PartC
• /
• v.17C no.2
• /
• pp.159-164
• /
• 2010

The data wiping is a technique which perfectly deletes data in a storage to prevent data recovery. Currently, management of stored data is important because of increasing an accident of personal information leakage. Especially, if you need to discard data contained personal information, using a wiping tool which permanently deletes data to prevent unnecessary personal information leakage. The data wiping is also used for data security and privacy protection. However the data wiping can be used intentionally destruction of evidence. This intentionally destruction of evidence is important clues of forensic investigation. This paper demonstrates the methods for detecting the usage of wiping tools in digital forensic investigation.

• Fire Science and Engineering
• /
• v.30 no.4
• /
• pp.103-110
• /
• 2016

While the demand for the gas system fire extinguishers increases every year, there are insufficient safety measures for assessing the extinguishing performance, such as system safety and reliability in the preparation of increasing demand, which has emerged as a social problem. One of the most critical causes of accidents occurring with the gas extinguishing system is pressure leakage from the extinguishing agent storage container. This is considered to be one of the critical factors on which the success of fire suppression depends. In this study, its safety measure was studied, Because it was deemed urgently necessary. The newly developed pressure leakage monitoring system is a system monitoring storage condition, pressure, leakage and discharge of the storage container related to agent concentration, which is one of the critical factors for fire suppression. This was developed to be applicable to the $CO_2$ and HFC-23 systems. Therefore, for structural safety analysis, the safety performance was verified by the fluid structure coupling analysis of the safety problems that may occur when the pressure leakage monitoring system is applied to the gas fire extinguisher. For analysis programs, the FloEFD program from Mentor Graphics was used for computational fluid dynamics analysis and ABAQUS from Dassault Systems was used for structural analysis. From the result of numerical analysis, the structure of $CO_2$ did not develop plastic deformation and its safety was verified. However, plastic deformation and deviation issue occurred with the HFC-23 monitoring system and therefore verified the structural safety of pressure leakage monitoring system by data obtained from redesigning and adjusting the condition of numerical interpretation three times.

• Journal of Multimedia Information System
• /
• v.7 no.3
• /
• pp.215-220
• /
• 2020

Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.37-53
• /
• 2020

Today, our society is exposed to cyber threats, such as the leakage of personal information, as various systems are connected and operated organically with the development of information and communication technology. With the impact of these cyber risks, we are experiencing damage from the virtual world to the physical world. As the number of cases of damage caused by cyber attacks has continued to rise, social voices have risen that the government needs to manage cyber risks. Thus, information and telecommunication service providers are now mandatory to have insurance against personal information protection due to amendment of "the Act on Promotion of Information and Communication Network Utilization and Information Protection". However, the insurance management system has not been properly prepared, with information and communication service providers selecting the service operators based on sales volume rather than selecting them based on the type and amount of personal information they store and manage. In order for the personal information protection liability insurance system to be used more effectively in line with the legislative purpose, effective countermeasures such as cooperation with the government and related organizations and provision of benefits for insured companies should be prepared. Thus, the author of this study discuss the current status of personal information protection liability insurance system and the issues raised in the operation of the system. Based on the results of this analysis, the authors propsoe tasks and plans to establish an effective personal information protection liability insurance system.

• Journal of Radiation Protection and Research
• /
• v.43 no.4
• /
• pp.154-159
• /
• 2018

Background: To prevent small leakage accidents, a real-time and direct detection system for small leaks with a detection limit below that of existing systems, e.g. $0.5gpm{\cdot}hr^{-1}$, is required. In this study, a small-size beta detector, which can be installed inside the reactor containment (CT) building and detect small leaks directly, was suggested and its feasibility was evaluated using MCNPX simulation. Materials and Methods: A target nuclide was selected through analysis of radiation from radionuclides in the reactor coolant system (RCS) and the spectrum was obtained via a silicon detector simulated in MCNPX. A window was designed to reduce the background signal caused by other nuclides. The sensitivity of the detector was also estimated, and its shielding designed for installation inside the reactor CT. Results and Discussion: The beta and gamma spectrum of the silicon detector showed a negligible gamma signal but it also contained an undesired peak at 0.22 MeV due to other nuclides, not the $^{16}N$ target nuclide. Window to remove the peak was derived as 0.4 mm for beryllium. The sensitivity of silicon beta detector with a beryllium window of 1.7 mm thickness was derived as $5.172{\times}10^{-6}{\mu}Ci{\cdot}cc^{-1}$. In addition, the specification of the shielding was evaluated through simulations, and the results showed that the integrity of the silicon detector can be maintained with lead shielding of 3 cm (<15 kg). This is a very small amount compared to the specifications of the lead shielding (600 kg) required for installation of $^{16}N$ gamma detector in inside reactor CT, it was determined that beta detector would have a distinct advantage in terms of miniaturization. Conclusion: The feasibility of the beta detector was evaluated for installation inside the reactor CT to detect small leaks below $0.5gpm{\cdot}hr^{-1}$. In future, the design will be optimized on specific data.

• Safety and Health at Work
• /
• v.11 no.1
• /
• pp.61-70
• /
• 2020

Background: This study aims to assess whether the TSI PortaCount (Model 8020) is a measuring instrument comparable with the flame photometer. This would provide an indication for the suitability of the PortaCount for determining the workplace protection factor for particulate filtering facepiece respirators. Methods: The PortaCount (with and without the N95-Companion^TM) was compared with a stationary flame photometer from Moores (Wallisdown) Ltd (Type 1100), which is a measuring instrument used in the procedure for determining the total inward leakage of the particulate filtering facepiece respirator in the European Standard. Penetration levels of sodium chloride aerosol through sample respirators of two brands (A and B) were determined by the two measuring systems under laboratory conditions. For each brand, thirty-six measurements were conducted. The samples were split into groups according to their protection level, conditioning before testing, and aerosol concentration. The relationship between the gauged data from two measuring systems was determined. In addition, the particle size distribution inside the respirator and outside the respirator was documented. Linear regression analysis was used to calculate the association between the PortaCount (with and without the N95-Companion^TM) and the flame photometer. Results: A linear relationship was found between the raw data scaled with the PortaCount (without N95-Companion^TM) and the data detected by the flame photometer (R² = 0.9704) under all test conditions. The distribution of particle size was found to be the same inside and outside the respirator in almost all cases. Conclusion: Based on the obtained data, the PortaCount may be applicable for the determination of workplace protection factor.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.5
• /
• pp.2415-2421
• /
• 2013

Widespread personal data utilization has led personal data protection to its importance at core, and serious data spill has increased constantly as a result. Though various types of protection systems for data spill have been suggested, all these met failures in detection of personal data when printed out or preventing fatal data exposure without any protections when data spill happens. I propose API-Hook method which detects and controls personal data within printouts, and prevents data leakage through masking on the printed-out data. Also, it is verified if security is guaranteed on the documents containing personal data when implementing. In order to obtain security, it is essential to put more weights on the balance with availability than confidentiality.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.