• International Journal of Computer Science & Network Security
• /
• 제21권5호
• /
• pp.113-120
• /
• 2021

The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

• 정보화정책
• /
• 제27권3호
• /
• pp.3-18
• /
• 2020

전세계적으로 디지털 전환이 확산됨에 따라 유럽연합(EU)은 회원국 간의 포괄적인 데이터 보호 프레임워크를 구축하기 위해 GDPR(General Data Protection Regulation)을 시행하였다. GDPR의 헌법적 뿌리를 고려할 때, EU의 규제 접근법은 다른 데이터 보호 규정들과는 차이가 있다. GDPR은 데이터 보호에 대한 개인의 권리를 강화하였다. 하지만 개인의 데이터를 수집하고 처리하는 기업에 대한 몇 가지 의무 또한 도입하였다. 본 연구에서는 정책적 관점에서 프라이버시, 특히 GDPR에 관한 기존의 문헌을 고찰하였으며, 이를 통해 데이터 규제가 경쟁, 혁신, 마케팅 활동 및 국경을 초월한 데이터 흐름에 미치는 영향을 개략적으로 리뷰 하였다. 그리고 본 연구는 프라이버시와 GDPR이 시장에 미치는 영향 사이의 절충안을 강조한다.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2013년도 춘계학술대회
• /
• pp.693-696
• /
• 2013

정보보호시스템(Information protection system)기반의 IT 환경 구축이 보편화되면서 공공기관 및 기업체에서는 정보시스템 자원의 활용과 통합을 위한 하나의 필수적인 환경으로 인식하기 시작하였고, 클라우드 시스템(Cloud System), 클라우드 보안(Cloud Security), 빅데이터(Big Data), 빅데이터 보안(Big Data Security), 산업보안(Industry Security)등이 이슈화 되고 있다. 이러한 영향으로 인해 정보보호시스템(Information protection system) 구축에 따른 내외부적인 보안 위협요소 분석과 대응방안 수립하고자 한다. 본 논문에서는 정보보호시스템(Information protection system) 도입에 따른 여러 가지 보안 위협요소를 알아보고 특히 산업보안적인 측면과 내외부 보안위협요소에 관한 측면을 조명하여 대응방안 수립에 관한 기반 지식을 제공하고자 한다.

• Asia pacific journal of information systems
• /
• 제31권3호
• /
• pp.257-276
• /
• 2021

This study investigates the factors that facilitate or hinder people to use mobile payment, especially drawing upon the theoretical perspectives on individual's privacy protection motivation and perceived market condition. Survey data (n = 200) were collected through a web-based platform and used to test a theoretical model. The results show that one's privacy protection power is formed by various individual and technological factors (i.e., perceived data exposure, self-efficacy, and response efficacy), and in turn it determines his/her intention to use mobile payment. Moreover, the relationship between privacy protection power and mobile payment use is conditional on the perceived market control by the service provider - with a perception of the high level of provider's market control, one uses mobile payment regardless of his/her privacy protection power, while under the low level of provider's market control, the decision depends on the degree of privacy protection power. The findings would help our understanding of why some people are more susceptible to mobile payment and others are not.

• 한국IT서비스학회지
• /
• 제10권4호
• /
• pp.21-32
• /
• 2011

The recently revised "Telecommunications Business Promotion and Personal Data Protection Act" is an important legal milestone in promoting the Korean telecommunications infrastructure and industry as well as protecting individuals' personal data and individuals' rights to privacy. Special characteristics of information security and privacy protection services including public goods' feature, adaptiveness, relativity, multi-dimensionality, and incompleteness, are reviewed. The responsibility of chief security/privacy officers in the IT industry, and the fairness and effectiveness of the criminal negligence in the Telecommunications Act are analyzed. An assessment of the rationale behind the act as well as a survey of related laws and cases in different countries, offers the following recommendations : i) revise the act and develop new systems for data protection, ii) grant a stay of execution or reduce the sentence given extenuating circumstances, or iii) use technical and managerial measures in data protection for exemption from criminal negligence.

• 한국IT서비스학회지
• /
• 제8권1호
• /
• pp.47-58
• /
• 2009

The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was implemented actually on the 142 firms in 2005, the 160 firms in 2006 and the 205 firms in 2007. But this is recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권2호
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of Communications and Networks
• /
• 제8권2호
• /
• pp.228-233
• /
• 2006

Survivability is a very important requirement for the deployment of broadband networks because out of service links can affect volumes of traffic even if it is a very short time. And the data paths of broadband networks, which are critical for traffic engineering, are always necessary to be well protected. The procedure of protection or restoration for a path is initiated when failure is detected within the working path. In order to minimize the influence on transmission quality caused by the failure of links and to provide a definite time for the recovery from the failure, the protection switching time (PST) should be carefully considered in the path arrangement. Several researches have been devoted to construct the protection and restoration schemes of data paths over dense wavelength division multiplexing (DWDM) networks, however, there was rare research on the design of data paths with guaranteed protection switching time. In this paper, the PST-guaranteed scheme, which is based on the concept of short leap shared protection (SLSP), for the arrangement of data paths in DWDM networks is proposed. The proposed scheme provides an efficient procedure to determine a just-enough PST-guaranteed backup paths for a working path. In addition to selecting the PST-guaranteed path, the network cost is also considered in a heuristic manner. The experimental results demonstrate that the paths arranged by the proposed scheme can fully meet the desired PST and the required cost of the selected path is competitive with which of the shared path scheme.

• 한국방송∙미디어공학회:학술대회논문집
• /
• 한국방송공학회 2011년도 하계학술대회
• /
• pp.294-295
• /
• 2011

The fundamental problem of selective protection scheme for encoded bitstreams is to find an efficient algorithm to select the set of frames required to be encrypted that can maximize protection effect with the minimum amount of protected data is required. In this paper, we propose an optimal selective protection scheme for SVC bitstreams by protecting the best combination of frames for selective protection in the sense that the amount of data required for protection is minimized and the resulting visual quality degradation is maximized. The selection of the frames to be encrypted is done by first expressing R-Q (protection rate - visual quality) relationship with Lagragian cost model. The experimental results show that, compared to protecting SVC bitstreams layer by layer, the proposed scheme gives superior performance in terms of protection effectiveness due to its better selection of frames for protection given protection bit budgets.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2011년도 춘계학술발표대회
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.