• Title/Abstract/Keywords: Legal System for Information Security

Search results: 161 items (processing time 0.024 seconds)

A Study on the Exchange and Evidential Method & Evidential weight of Electronic Document

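  • 홍선의
    • 정보학연구 / Vol. 2, No. 1 / pp.53-64 / 1999
  • Electronic commerce is currently one of the forms of trade with the greatest potential for growth. Many factors make such electronic commerce possible. Among them, the need for a new form of document that is rational and acceptable to everyone, namely the electronic document, is growing day by day. Smooth electronic commerce requires the handling of documents needed for commercial transactions, such as various contracts and bills of lading. This paper therefore examines whether electronic documents can replace conventional traditional documents (paper documents), as well as the evidential method and admissibility as evidence of electronic documents.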

Design of a Policy based Privacy Protection System using Encryption Techniques

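  • 문형진;이영진;이동희;이상호;이건명
    • 정보보호학회논문지 / Vol. 16, No. 2 / pp.33-43 / 2006
  • Institutions and companies collect and manage personal information with the consent of the data subject in order to provide efficient personalized services. However, information users, including database administrators, access stored personal information indiscriminately, increasing the likelihood of misuse and leakage of personal information. Even in a system where an institution or company controls access to personal information according to its own policy in order to protect that information, it is difficult for the access control to sufficiently reflect the data subject's intent regarding his or her own information. This paper proposes a privacy-policy-based access control technique that uses encryption to block unauthorized access by information users and to restrict access on a per-item basis. In the proposed technique, each item of personal information is encrypted with a different key and stored in the database. The data subject sets a policy on access rights to his or her own information, and access to the information can be controlled by granting keys to information users according to that policy.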

A Study on Control of Access to Internal Network Information and Authority Set Up Management for Client by Class

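  • 서우석;박재표;전문석
    • 한국전자통신학회논문지 / Vol. 7, No. 2 / pp.287-293 / 2012
  • It was only a few years ago that the variety of content information handled by the processors of information processing systems expanded online to an astonishing degree. If 2000 was the year of the technological base, marked by a flood of information and data such as real-time sharing, the period from then until 2011 was one overflowing with utilization-based functions and solutions. In addition, as the use of such information processing systems increased, large-scale personal information leakage incidents occurred in 2009 and 2010, and technologies and solutions for defending and protecting information continue to be developed and applied. However, the problem has expanded beyond illegal access from outside, and damage caused by internal users, or by agents hidden in internal information processing systems and client systems, is increasing day by day. Therefore, this paper holds that research is needed on efficiency-based information protection covering access control for internal information and tiered permission settings for administrators and internal users, and, as its result, aims to provide research material that can be used as a security technique in practice, from SOHO-class networks to large-scale networks.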

Standard Model for Mobile Forensic Image Development

  • Sojung, Oh;Eunjin, Kim;Eunji, Lee;Yeongseong, Kim;Gibum, Kim
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 17, No. 2 / pp.626-643 / 2023
  • As mobile forensics has emerged as an essential technique, the demand for technology development, education and training is increasing, wherein images are used. Academic societies in South Korea and national institutions in the US and the UK are leading the Mobile Forensic Image development. However, compared with disks, images developed in a mobile environment are few and less actively researched, causing a waste of time, money, and manpower. Mobile Forensic Images are also difficult to trust owing to insufficient verification processes. Additionally, in South Korea, there are legal issues involving the Telecommunications Business Act and the Act on the Protection and Use of Location Information. Therefore, in this study, we requested a review of a standard model for the development of Mobile Forensic Image from experts and designed an 11-step development model. The steps of the model are as follows: a. setting of design directions, b. scenario design, c. selection of analysis techniques, d. review of legal issues, e. creation of virtual information, f. configuring system settings, g. performing imaging as per scenarios, h. developing a checklist, i. internal verification, j. external verification, and k. confirmation of validity. Finally, we identified the differences between the mobile and disk environments and discussed the institutional efforts of South Korea. This study will also provide a guideline for the development of professional quality verification and proficiency tests as well as technology and talent-nurturing tools. We propose a method that can be used as a guide to secure pan-national trust in forensic examiners and tools. We expect this study to strengthen the mobile forensics capabilities of forensic examiners and researchers. This research will be used for the verification and evaluation of individuals and institutions, eventually contributing to national security.

A Comparative Study on bank's responsibilities in the Electronic Payment System -comparison between Korea and U.S.A-

  • 이병렬
    • 통상정보연구 / Vol. 12, No. 1 / pp.35-54 / 2010
  • This article explored the bank's responsibilities in the electronic payment system between Korea and the U.S.A. To accomplish my research objective, I used Article 4A of the U.C.C., the EFTA of 1978 and the Electronic Financial Transaction Act of Korea as analytic instruments. I also adapted America's various regulations to regulate the concerned parties (banks). The structure of this article is as follows. First, I presented the recent trend and legal stability of electronic payment. Second, I focused on the allocation of the risk of loss caused by ambiguous terms in payment orders that do not express the subjective intention of the senders. I also analyzed the procedure for resolving errors occurring in the course of sending a payment order. Third, in any action which involves a customer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized. Fourth, customers have to report the error and unauthorized electronic fund transfer after becoming aware of it. Then the bank will be liable for such an unauthorized electronic fund transfer. But if the customer fails to report, the bank has exemptions. Lastly, in order to prevent or detect unauthorized electronic fund transfers, the bank will agree with the customer to establish a commercially reasonable security procedure, while the bank has a duty to notify in order to decrease the loss resulting from an unauthorized payment order in Korean law.

Web-based Personal Dose Management System for Data Recording on Dosimeter Usage: A Case of Tanzania Atomic Energy Commission

  • Mseke, Angela;Ngatunga, John Ben;Sam, Anael;Nyambo, Devotha G.
    • International Journal of Computer Science & Network Security / Vol. 22, No. 2 / pp.15-22 / 2022
  • Modern technology drives the world, increasing performance while reducing labor and time expenses. Tanzania Atomic Energy Commission (TAEC) tracks employees' levels of exposure to radiation sources using dosimeters. According to legal compliance, workers wear dosimeters for three months and one month at the workplace. However, TAEC has problems in tracking, issuing and returning dosimeters because the existing tracking is done manually. The study intended to develop a Personal Dose Management System (PDMS) that processes and manages the data collected by dosimeters for easy and accurate records. During the requirements elicitation process, the study looked at the existing system. PDMS' requirement gathering included document reviews, user interviews, and focused group discussions. Development and testing of the system were implemented by applying the evolutionary prototyping technique. The system provides a login interface for system administrators, radiation officers, and Occupational Exposed Workers. The PDMS grants TAEC Staff access to monitor individual exposed workers, prints individual and institutional reports and manages workers' information. The system reminds the users when to return dosimeters to TAEC, generates reports, and facilitates dispatching and receiving dosimeters effectively. PDMS increases efficiency and effectiveness while minimizing workload, paperwork, and inaccurate records. Therefore, based on the results obtained from the system, it is recommended to use the system to improve dosimeter data management at the institution.

Deregulation Necessity for the Invigoration of Drone Utilization in the Geospatial Information Field

  • Heo, Joonghyeok;Park, Joonkyu
    • 한국측량학회지 / Vol. 40, No. 4 / pp.351-357 / 2022
  • In this study, a direction for deregulation that can increase the use of drones in the field of spatial information is presented. Regulations and administrative procedures for drone operation showed similar procedures in Japan, the United States, and Korea, such as reporting flight equipment, driver's license, and prohibition of flying within a specific flight zone. In the United States, policies to encourage the use of commercial drones have been implemented, and Japan has slightly tightened regulations on drone operation to protect the Olympics and important national facilities. As a result of the study, in the area where drone operation is restricted for geospatial data construction, Korea set the largest area, and GIS analysis showed that Korea's drone flight restricted area was more than 19.4% of the country's land area. In order to increase the utilization of drones in the construction and utilization of spatial information in the future, it is necessary to reset the drone flight restriction zone and reduce the area of the drone flight restriction zone. In addition, it was found that Korea is the only country that has formal and specific regulations on geospatial information security management. In order to increase the construction of geospatial information using drones, it is necessary to ease GSD (Ground Sample Distance) regulations.

Countermeasure for Prevention and Detection against Attacks to SMB Information System - A Survey

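  • 문형진;황윤철;김호엽
    • 중소기업융합학회논문지 / Vol. 5, No. 2 / pp.1-6 / 2015
  • Small and medium-sized businesses take fewer measures to secure their information systems than large enterprises. In this situation, when information is leaked through an attacker's attack, they face difficulties such as damage to the company's image and legal compensation for damages. This paper examines hacking techniques against information systems, such as information leakage using malware and APT attacks. In particular, an APT attack, an 'Advanced Persistent Threat' (hereinafter APT) attack, secretly gains access to the target, lies dormant for a certain period, observes all information related to the target over a long time, and, operating covertly without leaving traces, exfiltrates information once the target's security services have been disabled. Because the attacker deletes its own traces, such as logs, while attacking so that no trace of the attack remains, the attack is recognized only after time has passed, and the damage is therefore great. This paper examines attack methods and processes and explores countermeasures against attacks.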

Problems of Applying Information Technologies in Public Governance

  • Goshovska, Valentyna;Danylenko, Lydiia;Hachkov, Andrii;Paladiiichuk, Sergii;Dzeha, Volodymyr
    • International Journal of Computer Science & Network Security / Vol. 21, No. 8 / pp.71-78 / 2021
  • The relevance of research provides the necessity to identify the basic problems in the public governance sphere and information technology relations, forasmuch as understanding such interconnections can indicate the consequences of the development and spreading of information technologies. The purpose of the research is to outline the issues of applying information technologies in the public governance sphere. 500 civil servants took part in the survey (Ukraine). A two-stage study was conducted in order to obtain practical results of the research. The first stage involved collecting and analyzing the responses of civil servants on the Mentimeter online platform. In the second stage, the administrator used the SWOT-analysis system. The tendencies in using information technologies have been determined as follows: the institutional support development; creation of analytical portals for ensuring public control; level of accountability, transparency, activity of civil servants; implementation of e-government projects; changing the philosophy of electronic services development. Considering the threats and risks to the public governance system in the context of applying information technologies, the following aspects generated by societal requirements have been identified, namely: creation of the digital bureaucracy system; preservation of information and digital inequality; insufficient level of knowledge and skills in the field of digital technologies; reducing the publicity of the state and municipal governance system. Weaknesses of modern public governance in the context of IT implementation have been highlighted, namely: "digitization for digitalization"; lack of necessary legal regulation; inefficiency of electronic document management (issues caused by the imperfection of the interface of reporting interactive forms, frequent changes in the composition of indicators in reporting forms, the desire of higher authorities to solve the problem of their introduction); lack of data analysis infrastructure (due to imperfections in the organization of interaction between departments and poor capacity of information resources; lack of analytical databases); lack of necessary digital competencies for civil servants. Based on the results of SWOT-analysis, the following have been identified: strengths (possibility of continuous communication; constant self-learning); weaknesses (age restrictions for civil servants; insufficient acquisition of knowledge); threats (system errors in the provision of services through automation); opportunities for the introduction of IT in the public governance system (broad global trends; facilitation of the document management system). The practical significance of the research lies in providing recommendations for eliminating the problems of IT implementation in the public governance sphere outlined by civil servants.

The Usage of Modern Information Technologies for Conducting Effective Monitoring of Quality in Higher Education

  • Oseredchuk, Olga;Nikolenko, Lyudmyla;Dolynnyi, Serhii;Ordatii, Nataliia;Sytnik, Tetiana;Stratan-Artyshkova, Tatiana
    • International Journal of Computer Science & Network Security / Vol. 22, No. 1 / pp.113-120 / 2022
  • Information technologies in higher education are the basis for solving the tasks set by monitoring the quality of higher education. The directions of applying information technologies which are used the most nowadays have been listed. The issues that should be addressed by monitoring the quality of higher education with the use of information technology have been listed. The functional basis for building a monitoring system is the cyclical stages: Observation; Orientation; Decision; Action. The monitoring system's considered cyclicity ensures that the concept of independent functioning of the monitoring system's subsystems is implemented. It also ensures real-time task execution and information availability for all levels of the system's hierarchy of vertical and horizontal links, with the ability to restrict access. The educational branch uses information and computer technologies to monitor research results, which are realized in: scientific, reference, and educational output; electronic resources; state standards of education; analytical materials; materials for state reports; expert inferences on current issues of education and science; normative legal documents; state and sectoral programs; conference recommendations; informational, bibliographic, abstract, review publications; digests. The quality of Ukrainian scientists' scientific work is measured using a variety of bibliographic markers. The most common is the citation index. In order to carry out high-quality systematization of information and computer monitoring technologies, the classification has been carried out on the basis of certain features: (processual support for implementation by publishing, distributing and using the results of research work). The advantages and disadvantages of using web-based resources and services as information technology tools have been discussed. A set of indicators disclosed in the article evaluates the effectiveness of any means or method of observation and control over the object of monitoring. The use of information technology for monitoring and evaluating higher education is feasible and widespread in Ukrainian education, and it encourages the adoption of e-learning. The functional elements that stand out in the information-analytical monitoring system have been disclosed.