• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1205-1219
• /
• 2019

As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as to protect personal data. EU's PSD2(the second Payment Service directive) became the initiative of the Open Banking trends all over the world, as it is the Mydata policy which protects the data subject's right by empowering the subject to control over the personal data with the right to data portability and promotes personal data usages and transfer. Korean government is now fast adopting EU's PSD2 in financial sector, but there is growing concerns in personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with EU's PSD2 and focus on Personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata Policy will be given.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.5
• /
• pp.41-49
• /
• 2017

Digital works such as computer programs, music, photographs, movies and dramas are copyrighted. Even if there were more than 1,000 violations per year for digital works, the punishment was very weak. Especially copyright infringement by teenager is increasing. This study aims to present the direction of future development through questionnaires on the perception and direction of college students about copyright. 157 college students were surveyed about copyright awareness, perception of detailed legal provisions, cost of monthly expenses, copyright violation, and direction of copyright protection. As a result of the questionnaire survey, awareness was high at 69%, but in detailed law was low at 17.2% and 22.3%. In the future direction of copyright policy, 72.6% of them answered that they should be "strengthened" and "more and more strengthened". In order to protect copyrights, enforcement of crackdowns, public relations activities, expansion of the legal market, and technical protection should be done. In order to do this, copyright-related education for elementary, middle, high school and college students are needed more and it is necessary to expand the legal market where high quality contents are traded. More research is needed on copyright protection technological methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.47-61
• /
• 2006

In the Internet era, enterprises want to use personal information of their own or other enterprises' subscribers, and even provide it to other enterprises for their profit. In this paper, a privacy authorization system for personal information based on privacy policies of users and enterprises is designed and implemented. Privacy policies of users and enterprises are described in XACML. Also, components of policy in XACML 2.0 such as Purpose, Obligation are suitable for expressing privacy policy. A prototype of privacy authorization system is implemented by modifying and extending the SUNXACML 1.2, a Sun's implementation of XACML 1.0 and some features of XACML 2.0, and GUI tools for composing and verifying are also developed.

• Journal of Digital Convergence
• /
• v.19 no.12
• /
• pp.125-132
• /
• 2021

This study analyzed the multi-mediating effects of information security, personal information infringement, personal experience, and information security intention in the relationship between personal information protection and information security attitude. For this purpose, a survey was conducted on 221 students from G University. First, information security, personal information infringement, and information security awareness had a simple mediating effect. Second, information security, personal information infringement, personal experience, and information security consciousness had parallel multi- mediation effects. Third, personal information infringement and information security awareness had a simple mediating effect in the parallel multiple mediation state. Fourth, information security had a simple mediating effect, but it was found that there was no simple mediating effect in the parallel multiple mediation state. This study is meaningful in that it empirically compared the simple and multi-mediation effects.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.99-106
• /
• 2013

Personal information protection has become one of the most impending business issues because leakage of personal information can cause tremendous financial losses and image degradation. Consequently, personal information protection initiatives have been recognized widely in business. To invigorate personal information protection investments, performance measurement method such as cost benefits analysis or qualitative analyses are needed, which have not been studied enough in the previous studies. This study proposes a performance measurement model which can include quantitative and qualitative analyses in the context of personal information protection investments. A comparative analysis has been performed on security investment and IT investment performance measurements, which leads to choose the WiBe method (developed by the German Interior Ministry), considering the privacy characteristics and the method's applicability. In particular, the quantitative effect measured how proactive threat assessment based on the way according to the nature of the businesses and organizations of privacy and possible investment decisions. This study proposes the 16 performance indicators, which turn out to be meaningful in terms of their materiality and feasibility by conducting focus group interviews of 25 experts on personal information protection.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.164-166
• /
• 2021

In the ever-changing policy promotion environment, front-line public officials often have difficulties in public relations because they do not know what and how to do it precisely. Everybody says, "Promotion is important, publicity is a problem," however, the policies will inevitably become useless if citizens are not aware of them. Therefore, this study aims to examine Asan City's policy promotion strategy using social media, the core of mobile communication. In particular, mobile social media service is crucial because it is desirable to actively use it to improve its efficiency and strengthen public communication. In understanding and implementing policy promotion, a practical guide for policy promotion that public relations officials can refer to according to the situation is needed, not a formal manual. In addition, looking at how public institutions operate social media will be an opportunity to provide guidelines for using social media as a powerful means of promoting policies in public institutions in the future. We expect that social media will inform information more quickly and respond efficiently in an emergency information protection situation.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1583-1592
• /
• 2016

This report explains unspecified private information that have the company of resource value is provided the public with out protection. Let's have a good look at the protection of unspecified private information problems through personal information of law and policy mobile messenger company's TOS(Terms of service) We urgently need for an competition framework to prevent the leaking of Non-specified private informations and need for technical development that is information combined management system. We try verify systems as mentioned above with variety scenarios and suggest improvement plan that is leaking Non-specified private information.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.107-116
• /
• 2023

The management of professional manpower with expertise in performing specific tasks can be said to be a very important issue at the national level. Recently, interest in industrial technology protection experts continues to expand, but difficulties are growing due to the lack of policy evidence. Considering these points, this study conducted a fact-finding survey on personnel in charge of industrial technology protection, and through this, quantitative, qualitative, and job path analysis were performed for related job performers. These results are considered to be significant in that they can be used as basic information for fostering industrial technology protection experts in the future.