• Title/Summary/Keyword: Information Protection Security Diagnosis

Search Result 24, Processing Time 0.024 seconds

An Enhanced Model on the Selection of Information Protection Security Diagnosis Target Firms (정보보호 안전진단 대상자 선정 기준의 개선 방안 연구)

  • Ahn, Yeon-Shick
    • Journal of Information Technology Services
    • /
    • v.8 no.1
    • /
    • pp.47-58
    • /
    • 2009
  • The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was implemented actually on the 142 firms in 2005, the 160 firms in 2006 and the 205 firms in 2007. But this is recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

An Enhancement on the Selection of Information Protection Security Diagnosis Target Firms (정보보호 안전진단 대상자 선정기준의 개선 연구)

  • Ahn, Yeon-Shick;Suh, Jeong-Hoon;Jang, Sang-Soo
    • 한국IT서비스학회:학술대회논문집
    • /
    • 2008.05a
    • /
    • pp.572-577
    • /
    • 2008
  • The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was however, recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

  • PDF

Development of a New Instrument to Measuring Concerns for Corporate Information Privacy Management (국내 기업개인정보보호 측정항목과 관리모형 개발에 관한 연구)

  • Lee, Sung-Joong;Lee, Young-Jai
    • Journal of Information Technology Applications and Management
    • /
    • v.16 no.4
    • /
    • pp.79-92
    • /
    • 2009
  • With the rising reliance on market estimation through customer analysis in customer-centered marketing, there is a rapid increase in the amount of personal data owned by corporations. There has been a corresponding rise in the customers' interest in personal information protection, and the problem of personal information leakage has risen as a serious issue. The purpose of this research is to develop a diagnosis model for personal information protection that is suited to our country's corporate environment, and on this basis, to present diagnostic instruments that can be applied to domestic corporations. This diagnosis model is a structural equation model that schematizes the degree of synthetic effect that administration factors and estimation items have on the protection of personal information owned by corporations. We develop the model- consisting of the administration factors for personal information protection and the measurement items of each factor- using the development method of standardized structural equation model. We then present a tool through which the administration factors and estimation items verified through this model can be used in the diagnosis for personal information protection in corporations. This diagnostic tool can be utilized as a useful instrument to prevent in advance the leakage of personal information in corporations.

  • PDF

A Study on the Effective Countermeasures for Preventing Computer Security Incidents (기업의 침해사고 예방을 위한 관리 모델)

  • Kang, Shin-Beom;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.107-115
    • /
    • 2012
  • The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

A Improvement Study on the Medical Information Protection Using Personal Information Management System(PIMS) : Focus on medical practitioners (개인정보보호관리체계(PIMS)를 이용한 의료정보보호 개선 방안 연구 : 의료기관 종사자를 중심으로)

  • Min, Kyeongeun;Kim, Sungjun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.3
    • /
    • pp.87-109
    • /
    • 2016
  • This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.

Study of Problem Based Learning for Information Security Consultant and its Analysis (정보보호 컨설턴트 양성을 위한 PBL 교육방안 적용 및 효과성 분석)

  • Oh, Changhyun;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.12
    • /
    • pp.2325-2332
    • /
    • 2017
  • Consulting projects such as diagnosis of vulnerabilities of major information and telecommunication infrastructure are increasing, mandatory public information infrastructure assessment (PIA) for public institutions and ISMS (Information Security Management System) The demand for information protection consulting is continuously increasing as the field obeys the law, but the lack of information security consultant is not improving. One reason is that information security consultants are not being developed to meet the increasing demand for information protection consulting. In this paper, we present the case of information protection consulting as a scenario for studying and educating the duty of information security consultant by studying overseas case and domestic case based on standardization and standardization. We propose a problem-based learning (PBL) training method. In addition, we analyze the effectiveness of the PBL - based learning method.

A Study on Quantitative Security Assessment after Privacy Vulnerability Analysis of PC (PC의 개인정보보호 취약점 분석과 정량화된 보안진단 연구)

  • Seo, Mi-Sook;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.05a
    • /
    • pp.456-460
    • /
    • 2012
  • Privacy Protection Act of 30 March 2012 was performed. In general, personal information management to enhance security in the DB server has a security system but, PC for the protection of the privacy and security vulnerability analysis is needed to research on self-diagnosis. In this paper, from a PC to search information relating to privacy and enhance security by encrypting and for delete file delete recovery impossible. In pc found vulnerability analysis is Check user accounts, Checking shared folders ,Services firewall check, Screen savers, Automatic patch update Is checked. After the analysis and quantification of the vulnerability checks through the expression, enhanced security by creating a checklist for the show, PC security management, server management by semi-hwahayeo activates. In this paper the PC privacy and PC security enhancements a economic damage and of the and Will contribute to reduce complaints.

  • PDF

Multi-level Protection Infrastructure for Virus Protection (다단계 바이러스 차단 구조 연구)

  • 노시춘;김귀남
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.187-198
    • /
    • 2004
  • Virus protection infrastructure management is network infrastructure management, traffic route management, virus protection zone expansion, and virus protection management for gateway area. This research paper provides a diagnosis of characteristics and weaknesses of the structure of existing virus protection infrastructure, and recommends an improved multi-level virus protection infrastructure as a measure for correcting these weaknesses. Unproved virus protection infrastructure fitters unnecessary mail at the gateway stage to reduce the toad on server. As a result, number of transmission accumulation decreases due to the reduction in the CPU load on the Virus wall and increase in virus treatment rate.

  • PDF

A Study on the Liability of Information Protection for the Third Party Supply of Personal Information/Focus on Fintech Companies Using OPEN APIs (개인정보의 제3자 제공시 정보보호 관련 법상 책임에 관한 연구/OPEN API 이용 핀테크 기업을 중심으로)

  • Kim, Jo-eun;Kim, In-seok
    • The Journal of Society for e-Business Studies
    • /
    • v.22 no.4
    • /
    • pp.21-38
    • /
    • 2017
  • It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

A Study on the Management Capabilities Enhancement of Consignor's Personal Information Protection (위탁자의 개인정보보호 관리역량 제고에 관한 연구)

  • Cheong, Hwan-Suk;Park, Euk-Nam;Lee, Sang-Joon
    • Journal of Internet Computing and Services
    • /
    • v.17 no.4
    • /
    • pp.95-113
    • /
    • 2016
  • Personal information processing works, including resident registration number is common to be consigned by IT specialized company due to high level expertise and tremendous cost. The accident related to personal information is increasing and most of accidents are caused by the consignee's leaking information. According to the Inspection of personal information protection and the management level diagnosis of personal information protection, public Institutions need to build the consignee's accident prevention and personal information management system as soon as possible. In this paper, the efficient enhancement ways for the personal information protection is studied. We analyze the law of business consignment and select basic management items related with personal information protection, and propose a analysis scheme for management level of personal information protection and a enhancement scheme for management system of personal information protection. This paper suggests consignee's management system of personal information protection for the enhancement way and the three Strengthening ways in law. To compose the a enhancement scheme for management system of personal information protection, we conduct questionnaire survey to 30 consignees(IT maintenance, notice printing, call center, welfare center) related to typical tasks of public organizations, present reference for this scheme, and execute verification of this scheme by focus group interview of consignor and consignee.