• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.841-852
• /
• 2021

Biometric recognition refers to a technology that identifies or verifies an individual after registering each individual's physical, physiological, and behavioral characteristics with an automated device. However, the biometric data used here corresponds to personal information since it can identify an individual. Therefore, when it is compromised or misused, it negatively affects the privacy of the data subject. In this paper, we review the current status of domestic laws related to biometric information and the status of infringements related to this. And then, some biometric application models are derived and vulnerabilities and countermeasures for each model are discussed. Finally, for the developer and service provider of the biometric system, protection guidance is presented.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.151-154
• /
• 2021

State information policy is an important component of foreign and domestic policy of the country and covers all spheres of society. The rapid development of the information sphere is accompanied by the emergence of fundamentally new threats to the interests of the individual, society, state and its national security. The article considers the components of the state information policy to ensure information security of the country and identifies the main activities of public authorities in this area. Internal and external information threats to the national security of Ukraine and ways to guarantee the information security of the country are analyzed. Information security is seen as a component of national security, as well as a global problem of information protection, information space, information sovereignty of the country and information support of government decisions. Approaches to ensure the process of continuity of the information security system of the state in order to monitor new threats, identify risks and levels of their intensity are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.139-150
• /
• 2008

Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

• Management & Information Systems Review
• /
• v.35 no.3
• /
• pp.81-93
• /
• 2016

UK "FSMA" provides a safe harbour for members of professions, which are lawyers, accountants, and actuaries in their provision of certain financial services, despite the general prohibition, the professions carry on exempt regulated activities. In particular, DPBs(designated professional bodies), which professional bodies are designated by the Treasury, must have rules and have to supervise and regulate their members those activities by rules. Also, the FSA must keep itself informed about the role of DPBs, and may make directions concerning the safe harbour in relation to particular classes of persons of different descriptions of regulated activities. On the other hand, Korea "FSCMA" explicitly except provision of financial services by professions to investment adviser without regard to mainstream financial services activities or incidental activities. Under "FSMA", if the professions conduct provision of financial services as mainstream activities, they must be authorized person and even if their activities is incidental, they have to comply with exemption sections. Therefore, there is a need of prepare the legal safeguards about provision of financial services by professions for the investor protection.

• Journal of IKEEE
• /
• v.27 no.4
• /
• pp.548-555
• /
• 2023

With the advancement of the internet, the use of personal information in online interactions has increased, underscoring the significance of data protection. Breaches of personal data due to unauthorized access can result in psychological and financial damage to individuals, and may even enable wide-ranging societal attacks aimed at those associated with the victims. In response to such threats, there is active research into security measures using blockchain to safeguard personal information. This study proposes a system that uses middleware and IAM (Identity and Access Management) services to protect personal information in a BaaS (Blockchain as a Service) environment where blockchain is provided via the Internet. The middleware operates on servers where IAM roles and policies are applied, authenticates users, and performs access control to allow only legitimate users to access blockchain data existing in the cloud. Additionally, to understand the impact of the proposed personal information protection method on the system, we measure the response time according to the time taken and the number of users under three assumed scenarios, and compare the proposed method and research related to personal information protection using blockchain in terms of security characteristics such as idea, type of blockchain, authentication, and confidentiality.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.93-106
• /
• 2015

Providing trading partners with personal information to establish an e-commerce financial transaction is inevitable. Most e-commerce companies keep personal information and transaction data for user's convenience and develop additional services as their applications. However, keeping personal information increases the likelihood of identity theft causing direct or indirect damage while it may simplify repetitive financial transactions. This study introduces risk management methods based on quantitative and qualitative analysis including demand-supply curve model and Gordon & Loeb model to analyze the risks for security management. The empirical analysis with survey results from KISA (Korea Information Security Agency) shows that the root cause of different statistics of personal information leakage incidents according to core business of internet companies is the difference in their Loss Expectancy caused by them. Also we suggest disciplinary compensation and higher standard for personal information protection as a solution to prevent the variation of investment on it between individual companies.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• 한국사회정책
• /
• v.24 no.4
• /
• pp.151-184
• /
• 2017

The purpose of this study is to investigate the development process and current status of income maintenance policies after the financial crisis, to sort out key issues or problems, and to explore future plans or directions that can overcome the limitation. In order to develop intensive argument, the scope of research is limited to the National Pension, Basic Pension, and the National Basic Livelihood Security System. The research also focused on two values of the 'universalism' and the 'adequacy' based on the 'SPF(social protection floor)' in the overall narrative process. Additionally, this paper briefly summarized the related contents released by the Moon Jae-in Government and presented an affirmative strategy and a transformational strategy centered on social allowance and basic income respectively, to establish an integrated income guarantee scheme. Although some improvements to the present system are also required, it is an effort to expand the practical effect of social benefits through the full and comprehensive reform of benefit structure and method.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.2
• /
• pp.89-102
• /
• 2023

The purpose of this study is to examine what are the important variables for information security compliance and whether the information security investment by the industry is different. To comply with the information security policies, the organization must establish measures to prevent or resolve information security incidents. This research process consists of four stages, and the analysis method was conducted with the categorical regression analysis and the correspondence analysis. The first analysis analyzed the independent variables that affect security regulations compliance. The rest of the analysis was conducted by industry in the order of security compliance regulations, manpower investment, and budget investment. As a result of the first analysis, this had positive effects on an organization and personal information protection awareness, joint operation organization of information protection, manpower and budget investment, corporate size, and industry. The correspondence analysis was conducted from the second analysis to the fourth analysis and it analyzed the differences in information security investment by industry. The second analysis showed that the construction industry, science and technology industry, and finance industry have higher compliance with security regulations than other industries. The third analysis showed that the financial industry and the science and technology industry were higher than other industries. The last analysis showed that the financial industry was higher than other industries. The theoretical contribution of this study provided the basis for updating the information security theory. The practical contribution of this study requires government support to reduce information security deviations by industry.

• International Area Studies Review
• /
• v.21 no.4
• /
• pp.247-268
• /
• 2017

This paper analyzes for companies of 2011~2014 the effects of corporate social responsibility on audit efficiency. Using KEJI Index and its individual components which is published by Citizens' Coalition for Economic Justice Institute, this paper analyzes their effects on audit efficiency of audit fees and audit hours. The results of analyses are as followings. First, corporate social responsibility(CSR) composite index did not show any significant relationship between audit fees and audit hours. However, for analyses of the effects of CSR individual components on audit efficiency, variable such as CSR fairness(CSR2), CSR social contribution(CSR3), CSR environmental protection activity(CSR5) have the negative effects on the audit fees and audit time. and CSR customer protection(CSR4), CSR employee satisfaction(CSR6) have the positive effects on the audit fees and audit time. Results suggest that independent auditors may reduce audit risks associated with possible misrepresentation of financial statements for companies with high scores of CSR fairness (CSR2), CSR social contribution(CSR3), and CSR environmental protection activity(CSR5). Also, financial statement auditors may perceive surge of discretionary expenses, and set audit risk high for companies with CSR customer protection(CSR4), and CSR employee satisfaction(CSR6). Together, KEJI Index and its individual components appear to have differential effects on audit efficiency.