• The Journal of Korean Institute of Communications and Information Sciences
• /
• 제32권7C호
• /
• pp.667-673
• /
• 2007

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. The stored data have some slight differences among each subject. Even though the same attribute information leaks out, the personal privacy violation is different according to personal sensitivity. However, currently the organizations or the companies protect all the information as the same level. This paper reflects the sensitive attribute information of the information subject to each personal policy by the encrypting techniques. And then we propose a policy-based access control mechanism for the personal information which strictly prevents unauthorized information users from illegally accessing the personal information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the database. For the access control, information subjects set up their own access control policy for their sensitive personal information. Then it is possible to control the information access by providing the information to the information users according to personal and organizational privacy policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제16권2호
• /
• pp.33-43
• /
• 2006

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. However, there have been increasing privacy concerns since the personal information might be misused and spread over in public by the database administrators or the information users. Even in the systems in which organizations or companies control access to personal information according to their access policy in order to protect personal information, it is not easy to fully reflect the information subjects' intention on the access control to their own Personal information. This paper proposes a policy-based access control mechanism for the personal information which prevents unauthorized information users from illegally accessing the personal information and enables the information subjects to control access over their own information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the directory repository. For the access control, information subjects set up their own access control policy for their personal information and the policies are used to provide legal information users with the access keys.

• Journal of Convergence Society for SMB
• /
• 제6권2호
• /
• pp.19-24
• /
• 2016

A Study on the Information Security System of Fin-Tech Business In traditional electronic commerce, there have not been severe issues of trading information through documents in paper or the closed EDI. The scale of e-commerce has increased as internet develops, however, turning to the online e-commerce, which caused a number of issues such as authentication, information forgery, and non-repudiation between the parties. To prevent conflicts from such troubles and perform the post management, security technologies are applied throughout the process of e-commerce, certificates intervening. Lately, meanwhile, FinTech has been creating a sensation around the mobile payment service. Incidents of information leakage from card corporations and hackings imply the need of securing safety of the financial service. Development and evolution of FinTech industry must be accompanied by information protection. Therefore, this research aims to inquire into the information security system of leading FinTech company in a foreign country.

• Convergence Security Journal
• /
• 제19권2호
• /
• pp.29-38
• /
• 2019

For that reason, trend research has been actively conducted to identify and analyze the key topics in large amounts of data and information. Also personal information protection field is increasing activities in order to identify prospects and trends in advance for preemptive response. However, only research based on technology such as trends in information security field and personal information protection solution is broadly taking place. In this study, threat-based trends in personal information protection field is analyzed through text mining method. This will be the key to deduct undiscovered issues and provide visibility of current and future trends. Policy formulation is possible for companies handling personal information and for that reason, it is expected to be used for searching direction of strategy establishment for effective response.

• The Journal of the Korea Contents Association
• /
• 제16권1호
• /
• pp.585-594
• /
• 2016

This study is aimed at researching and analyzing the students' recognition and practice of the patents medical information, who are majoring in medical records and will be working as medical records technician, letting them recognize the importance of information, and at offering basic data required for development of medical records curriculum and for establishment of medical records protection policy. This study was conducted from 18th May through 6th June 2015, targeting 340 students enrolled four universities, by t-test, variance analysis, Pearson correlation analysis and multiple regression analysis. As a result of this study, the point of protection recognition and practice recognition is 3.55 and 3.49, respectively, out of 5. With regard to recognition of medical information protection, there was a significant difference in grade, satisfaction for major, experience of medical information protection education and recognition of law, while for recognition of practice, in grade, satisfaction for major, educational experience and damage of medical information exposure. Recognition of protection and recognition of practice had a significant static correlation, and recognition of information exposure, recognition of social issue and recognition of legal system had significant positive effect on recognition of practice. In order to raise the recognition of protection and recognition of practice, based on this study, it is considered necessary for the universities to educate the damage of medical information exposure and importance of medical records management, and to raise the students' recognition.

• Journal of Digital Convergence
• /
• 제15권9호
• /
• pp.1-14
• /
• 2017

As we enter the era of big data, the value of personal information is becoming ever more important. However, personal information protection laws in Korea have several issues. Furthermore, existing research are limited in their ability to facilitate a comprehensive understanding of measures to improve personal information protection laws. Accordingly, this study analyzes improvements to be made in the current personal information protection laws based on existing research. A total of 39 research articles discussing the problems of the personal information protection law were selected and analyzed by applying the meta - analysis technique. According to the results, the various issues such as the meaning and scope of personal information, the role and obligations of relevant parties, provision of personal information to third parties, and redundant and imbalanced regulations in special acts in each field. that exist in the current personal information protection laws were confirmed. This study contributes to the improvement of inconsistency between information protection laws and related special laws in each field in practice. Academically, it will contribute to understanding the problems of th law from the macro perspective and suggesting the integrated improvement ways of the law.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제27권3호
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Journal of Digital Contents Society
• /
• 제19권8호
• /
• pp.1515-1525
• /
• 2018

Security threats in the 4th Industrial Revolution have expanded to the issue of safety, but the environment for information security of domestic companies is still at a low level. This study aims to propose policy implications by empirically analyzing factors affecting investment intention. We investigated the state of information security and protection behavior and expanded UTAUT to investigate correlations. The results showed that information assets affect facilitating conditions, and perceived and new concerns have impacts on social influence. Social influence affect experience and habits, but the impact on security investment intentions was rejected. Facilitation conditions, previous experiences and habits have great influences on investment intention, new service security investment intention. The influence of perceived and new concern are low or rejected. There are moderating effects between types of business, size, security organization, experience of infringement, security personnel ratio, and personal information collection. This study will help to establish policies for enhancing the level of information security.

• Journal of Digital Convergence
• /
• 제18권8호
• /
• pp.49-54
• /
• 2020

COVID-19 pandemic is an opportunity to recognize the necessity of information and telecommunications infrastructure which is base of information and telecommunication. This paper discusses the importance of information and telecommunications infrastructure in COVID-19 pandemic and overview proper institutional measures to fulfill state responsibility for establishment and protection of the infrastructure through documentary survey and normative study with juristic consideration. Information and telecommunications infrastructure has critical functions to respond to the pandemic and is one of the key to make digital transformation. A state is responsible for establishment and protection of Information and telecommunications infrastructure. Institutional measures have significance for the state responsibility and they are formed by not only statute but also constitution with making state object provision for establishment and protection of Information and telecommunications infrastructure. This paper shows premise and direction of further studies on related individual legislation.

• The Korean Journal of Air & Space Law and Policy
• /
• 제29권2호
• /
• pp.135-161
• /
• 2014

An unmanned aerial vehicle (UAV), commonly known as a drone and also referred to as an unpiloted aerial vehicle and a remotely piloted aircraft (RPA) by the International Civil Aviation Organization (ICAO), is an aircraft without a human pilot aboard. ICAO classify unmanned aircraft into two types under Circular 328 AN/190. Unmanned aircraft, which is the core of the development of the aviation industry. However, there are also elements of the legal dispute. Unmanned aircraft are manufactured in small size, it is possible to shoot a record peripheral routes stored in high-performance cameras and sensors without the consent of the citizens, there is a risk of invasion of privacy. In addition, the occurrence of the people of invasion of privacy is expected to use of civilian unmanned aircraft. If the exposure of private life that people did not want for unmanned aircraft has occurred, may occur liability to the operator of unmanned aircraft, this is a factor to be taken into account for the development of unmanned aircraft industry. In the United States, which is currently led by the unmanned aircraft industry, policy related to unmanned aircraft, invasion of privacy is under development, is preparing an efficient measures making. Unmanned aircraft special law has not been enforced. So there is a need for legal measures based on infringement of privacy by the unmanned aircraft. US was presented Privacy Protection Act of unmanned aircraft (draft). However Korea has many laws have been enacted, to enact a new law, but will be able to harm the legal stability, there is a need for the enactment of laws for public safety of life. Although in force Personal Information Protection Law, unmanned aerospace, when the invasion of privacy occurs, it is difficult to apply the Personal Information Protection Law. So, it was presented a privacy protection bill with infringement of privacy of unmanned aircraft in the reference US legislation and the Personal Information Protection Act.