• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2013년도 춘계학술대회
• /
• pp.693-696
• /
• 2013

정보보호시스템(Information protection system)기반의 IT 환경 구축이 보편화되면서 공공기관 및 기업체에서는 정보시스템 자원의 활용과 통합을 위한 하나의 필수적인 환경으로 인식하기 시작하였고, 클라우드 시스템(Cloud System), 클라우드 보안(Cloud Security), 빅데이터(Big Data), 빅데이터 보안(Big Data Security), 산업보안(Industry Security)등이 이슈화 되고 있다. 이러한 영향으로 인해 정보보호시스템(Information protection system) 구축에 따른 내외부적인 보안 위협요소 분석과 대응방안 수립하고자 한다. 본 논문에서는 정보보호시스템(Information protection system) 도입에 따른 여러 가지 보안 위협요소를 알아보고 특히 산업보안적인 측면과 내외부 보안위협요소에 관한 측면을 조명하여 대응방안 수립에 관한 기반 지식을 제공하고자 한다.

• 디지털산업정보학회논문지
• /
• 제8권1호
• /
• pp.89-98
• /
• 2012

According to the enforcement of Personal Information Protection Act as of September 2011, the laws and regulations for the protection of personal information that were applied only to the certain sectors such as information & communication network, financial institutions, public sector etc. for the time being has been expanded to apply to all public and private sectors to process personal information. In particular, because the public institutions are obliged to be mandatorily conducted of the Privacy Impact Assessment, it will be enforced in earnest for each agency's informationization business that handles personal information. In this paper, I examine the most derived vulnerability and set up the improvement measure to supplement it with the examples of 10 of all the institutions conducting the Privacy Impact Assessment in the year 2011. And, I suggest the measures to be prepared by the institutions to observe the Personal Information Protection Act.

• 한국컴퓨터산업학회논문지
• /
• 제5권8호
• /
• pp.811-818
• /
• 2004

인터넷의 보급과, 산업 및 생활 전반에 걸쳐 전산화가 이루어지면서 사생활 보호 및 정보보호에 대한 요구가 증가하고 있지만 정보보호 산업분야의 전문 인력의 부족으로 많은 어려움이 있다. 때문에 본 논문에서는 정보보호 전문 인력 양성을 위한 교육과정을 제안하였다. 제안하는 교육과정은 필수 1,2 와 선택 1,2로 분류하였다. 정보보호 응용분야를 9개의 도메인으로 세분화 하여 시행되어야 할 교육과정을 링 구조로 제시하였다. 정보보호 응용분야의 9개 도메인에 따른 현장 실무 프로젝트와 연계된 교육 과정과 졸업 후 전공심화를 위한 강좌가 도메인별로 이루어져서 정보보호 심화과정을 지속적으로 진행한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권11호
• /
• pp.5654-5673
• /
• 2016

Participatory sensing applications rely on recruiting appropriate participants to share their surrounding conditions with others, and have been widely used in many areas like environmental monitoring, health care, and traffic congestion monitoring, etc. In such applications, how to ensure the privacy of a participant is important, since incentive mechanisms are used to maintain their enthusiasm for sustainable participation by offering certain amount of reward. In this paper, we propose a pseudonym-based privacy protection scheme, that takes both privacy protection and user incentives into consideration. The proposed scheme uses the pseudonym mechanism and one-way hash function to achieve user incentives, while protecting their identity. We also show extensive analysis of the proposed scheme to demonstrate that it can meet the security and performance the requirement of a participatory sensing application.

• 한국병원경영학회지
• /
• 제24권2호
• /
• pp.56-66
• /
• 2019

PURPOSE: To demonstrate that the training of information protection for members at medical institutions increases the information protection activities of employees. METHODS: We used the chi-square test and the logistic regression model to analyze the data of the "Healthcare Information and Communication Status Survey in 2017" (n = 2002) conducted by the Korea Health Industry Development Institute RESULTS: As a result of the analysis, the information protection activity increased when the education was received and the number of received more than the education was not received. Especially, when the management receives education, it affects the information protection activities of the employees. CONCLUSION: In order to protect medical information, medical institutions need to provide education on information protection for management and employees.

• 한국IT서비스학회지
• /
• 제10권4호
• /
• pp.21-32
• /
• 2011

The recently revised "Telecommunications Business Promotion and Personal Data Protection Act" is an important legal milestone in promoting the Korean telecommunications infrastructure and industry as well as protecting individuals' personal data and individuals' rights to privacy. Special characteristics of information security and privacy protection services including public goods' feature, adaptiveness, relativity, multi-dimensionality, and incompleteness, are reviewed. The responsibility of chief security/privacy officers in the IT industry, and the fairness and effectiveness of the criminal negligence in the Telecommunications Act are analyzed. An assessment of the rationale behind the act as well as a survey of related laws and cases in different countries, offers the following recommendations : i) revise the act and develop new systems for data protection, ii) grant a stay of execution or reduce the sentence given extenuating circumstances, or iii) use technical and managerial measures in data protection for exemption from criminal negligence.

• 디지털산업정보학회논문지
• /
• 제4권2호
• /
• pp.57-66
• /
• 2008

There have been proposed various copyright protection protocols in network-based digital multimedia distribution framework. However, most of conventional copyright protection protocols are focused on the stability of copyright information embedding/extracting and the access control to data suitable for user's authority but overlooked the privacy of copyright owner and user in authentication process of copyright and access information. In this paper, we propose a solution that builds a privacy-preserving proof of copyright ownership of digital contents in conjunction with keyword search scheme. The appeal of our proposal is three-fold: (1) content providers maintain stable copyright ownership in the distribution of digital contents; (2) the proof process of digital contents ownership is very secure in the view of preserving privacy; (3) the proposed protocol is the copyright protection protocol added by indexing process but is balanced privacy and efficiency concerns for its practical use.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.37-48
• /
• 2017

As the risk of technical leakage is increasing, technology protection support systems for small and medium-sized businesses have gained attention. This paper analyzed the perception gap of the user and policy-maker regarding technology protection support systems. First, to identify key elements of technology protection support systems and construct measurement factors, interviews with experts are conducted. Then, surveys are conducted to analyze the perception differences between the users and policy-makers. Factor analysis and ANOVA have been utilized to analyze survey results. The result shows that the perception gaps exist in the following areas: management system, cost reduction, copyright protection, customer satisfaction, leakage prevention, and awareness. To enhance the effectiveness of technology protection support systems, this paper suggests technology protection support systems should be customized in terms of the company's size and type of busines.

• 디지털산업정보학회논문지
• /
• 제13권2호
• /
• pp.113-125
• /
• 2017

In today's highly competitive environment, the importance of technology protection cannot be overemphasized. To evaluate technology protection competency of Small and Medium-sized Enterprises(SMEs), Government has conducted surveys every year but its effectiveness is still in question. To enhance the effectiveness of technology protection for SMEs, a customized evaluation model of technology protection competency has been suggested in this study. Surveys are conducted to measure the relative importance of evaluation areas that can be influenced by the size and type of business. The analysis shows that there exists significant differences between evaluation areas. This study suggests that the effectiveness of technology protection can be enhanced by utilizing a customized evaluation model depending on the size and type of business. Also, the proposed model can be used for SMEs to identify and enhance their weakness in technology protection. Overall, it is expected that the proposed model can be effectively used to protect valuable technologies in various SMEs.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.