• Title/Summary/Keyword: Legal System for Information Security

The Normative Meaning of Cybersecurity Information Sharing Act(CISA) of 2015 (미국 사이버안보 정보공유법(CISA)의 규범적 의의)

  • Park, Sangdon
    • Convergence Security Journal / v.17 no.1 / pp.45-52 / 2017
  • The Cybersecurity Information Sharing Act (CISA) of 2015, enacted in December 2015, is one of the greatest achievements of cybersecurity legislation in the United States. The promotion of cybersecurity information sharing is one of the tasks to improve cybersecurity governance in Korea, so it is an important issue to be addressed in cybersecurity legislation in Korea in the near future. CISA has many implications for cybersecurity legislation in Korea. Nevertheless, it is difficult to find preceding research that explains the content of CISA and studies its normative meaning in Korea. Therefore, in this paper, the contents of CISA are identified and its normative meaning and implications are found in five categories: definition of terms, establishment of information sharing procedures and conditions, promotion of voluntary information sharing by the private sector, checks on the executive branch and report to the Congress, and other matters. CISA facilitates information sharing based on willingness, while eliminating the side effects that may arise in the information sharing process. It is necessary to appropriately apply the good points of CISA to the cybersecurity legal system in Korea.

Privacy Information Protection Applying Digital Holography to Blockchain

  • Jeon, Seok Hee;Gil, Sang Keun
    • Current Optics and Photonics / v.6 no.5 / pp.453-462 / 2022
  • Blockchain technology provides a decentralized and peer-to-peer network, which has the advantages of transparency and immutability. In this paper, a novel secure authentication scheme applying digital holography to blockchain technology is proposed to protect privacy information in network nodes. The transactional information of the node is chained permanently and immutably in the blockchain to ensure network security. By designing a novel two-dimensional (2D) array data structure of the block, a proof of work (PoW) in the blockchain is executed through digital holography technology to verify true authentication and legal block linkage. A hash generated from the proposed algorithm reveals a random number of 2D array data. The real identity of each node in the network cannot be forged by a hacker's tampering because the privacy information of the node is encrypted using digital holography and stored in the blockchain. The reliability and feasibility of the proposed scheme are analyzed with the help of the research results, which evaluate the effectiveness of the proposed method. Forgery by a malicious node is impossible with the proposed method by rejecting a tampered transaction. The principal application is a secure anonymity system guaranteeing privacy information protection for handling of large information.

A Legal and Systematic Study On Consumer Protection In Electronic Commerce (전자상거래에서의 소비자보호에 관한 법.제도적 연구)

  • Kwon, Sang-Ro
    • The Journal of the Korea Contents Association / v.9 no.12 / pp.787-796 / 2009
  • Electronic commerce has been growing tremendously since the latter half of the 1990s. However, consumer damages are increasing because of characteristics such as non-confrontation, anonymity, internationality, unilaterality and the possibility of temptation. Accordingly, this thesis has derived legal and systematic improvements for consumer protection in general as follows. First of all, it is necessary to extend the period for exercising subscription withdrawal rights under the electronic commerce consumer protection law. Second, electronic commerce has a high possibility of causing errors by consumers because it is performed without confrontation, and accurate information must be provided to prevent errors in advance because it is not easy for consumers to prove their own errors. Third, a certification mark system for electronic agreements has to be adopted. Fourth, legal, systematic and technological measures have to be adopted so that, through safe personal information management, consumers do not fear the leaking or use of their personal information. Fifth, strict supervision of internet trust marks is required. Finally, because intervention or interference by a third party may take place through hacking of messages or documents sent during the online settlement procedure, it is necessary to raise the security of the system through precise authentication between the concerned parties.

An Efficient Ways of Improving Regulations on Insider Trading (내부자거래(內部者去來) 규제개선(規制改善)의 효율적(效率的)인 방안(方案))

  • Park Sang-Bong
    • Management & Information Systems Review / v.4 / pp.611-629 / 2000
  • In terms of legislative interpretation and the fundamental viewpoint on the legal system of insider trading, Japan legislates strictly under the principle of 'nulla poena' and has adopted 'the principle of limited enumeration,' while the United States, under 'the principle of comprehension,' has entrusted the courts with establishing concrete concepts and standards, so the courts are very flexible in determining the range of insiders and the importance of inside information, showing a strong will to eradicate insider trading. Korea has a legislative position of 'the principle of limited indication,' which was created by negotiation between the principles of the United States and Japan. Though the court has interpreted insider trading, insider trading using non-disclosed information has increased lately, requiring the strengthening of its regulations. However, this shows us that, however sophisticated the regulations may be, the exposure of insider trading has limitations. The most important thing is to change the perception of the transparency of the securities market and the security of investors, and to establish an atmosphere in which fair stock trading takes place in a sound capital market to raise funds for corporations. Policies on improving unfair trading and self-regulation bodies, raising the transparency and legality of the procedures of supervision and monitoring, and applying a 'compliance program' to stock companies are greatly needed to eliminate unfair trading in the securities market and establish order in trading.

A Study on Korea Coast Guard Intelligence Centered on legal and Institutional comparison to other organizations, domestic and international (해양경비안전본부 정보활동의 법적·제도적 측면의 문제점 분석 및 개선방안 연구)

  • Soon, Gil-Tae
    • Korean Security Journal / no.44 / pp.85-116 / 2015
  • Founded on 23 Dec 1953 to cope with illegal fishing by foreign ships and to perform coastal guard duty, the Korea Coast Guard was re-organized as an office under the Ministry of Public Safety after the sinking of the passenger ship "Sewolho". In the course of the re-organization, intelligence and investigation duties were transferred to the Police Department except for "cases happened on the sea". But the definition of intelligence duty is vague, and there are many disputes over the jurisdiction and range of activities. With this situation in consideration, the object of this study is to analyse the legal and institutional characteristics of KCG intelligence, to compare them with those of the Police Department and of foreign agencies such as the Japan Coast Guard and the US Coast Guard, to expose the limits and to suggest solutions. To summarize the conclusion: firstly, on the legal side, there is no legal basis for intelligence in [The Government Organization Act], no regulation of the mission, and a weak basis in the application act. Secondly, on the institutional side, 'the cases happened on sea', stated in a minor chapter of [The Government Organization Act], is a quite vague definition; while guard, safety and maritime pollution duties fall under the 'on the sea' category, intelligence falls under 'cases happened on the sea', causing coast guard duty and intelligence to have different ranges. In addition, the reduced organization and its manpower led to ineffective intelligence activities. In the case of the Police Department, there are definite lines on 'administration concerning public security' in [The Government Organization Act], which specifies the range of intelligence activities as 'collect, make and distribute information concerning public security', making the range of the main duty and of intelligence identical. The Japanese and US coast guards also have intelligence branches that perform activities appropriate to the main missions of the organizations. To gain superiority in the regional sea, the neighboring countries Japan and China are strengthening their maritime power: China has launched a new coast guard bureau, Japan has given coast guard officers police authority in the regional islands, and, to support these objectives, specialized intelligence is organized and under development. To secure maritime sovereignty and enhance mission capability in maritime safety duty, it is strongly recommended that KCG intelligence should have a concrete legal basis, strengthen the organization and mission, reinforce manpower, and ensure a specialized training administrative system.

Improvement of regulations to strengthen the safety and protect users of domestic Open Banking (국내 오픈뱅킹 안정성 강화 및 이용자 보호를 위한 규제 개선 방안)

  • Kwon, Nam Hoon;Kim, In Seok
    • Convergence Security Journal / v.20 no.2 / pp.37-52 / 2020
  • The EU, the United Kingdom and South Korea are actively pursuing open banking to open financial information to fintech companies for financial structure reform and the convenience of financial consumers. As open banking is gradually activated, the importance of stability and of protecting users of open banking will increase. In particular, Korea has an electronic financial transaction law that has been in effect since 2007 to secure the stability and reliability of electronic financial transactions, but it is difficult to apply to the organizations participating in open banking, so there is a risk of failing to prevent security accidents and of weakening user protection in open banking. Therefore, this paper examines the foreign legal systems for open banking, analyzes the structure and characteristics of domestic open banking, and suggests ways to improve the regulations necessary to strengthen open banking stability and user protection.

A Study on the Expansion of Workflow for the Collection of Surface Web-based OSINT(Open Source Intelligence) (표면 웹기반 공개정보 수집을 위한 워크플로우 확장 연구)

  • Lee, SuGyeong;Choi, Eunjung;Kim, Jiyeon;Lee, Insoo;Lee, Seunghoon;Kim, Myuhngjoo
    • Journal of Digital Convergence / v.20 no.4 / pp.367-376 / 2022
  • In traditional criminal cases, there is a limit to information collection because information on the subject of investigation is provided only from personal information held by national legal organizations. Surface web-based OSINT (Open Source Intelligence), including SNS and portal sites that can be searched by general search engines, can be used for meaningful profiling in criminal investigations. The Korean-style OSINT workflow can profile effectively based on OSINT, but in the case of individuals, the OSINT that can be collected is limited because it begins with "name", and the reliability is limited, for example by collecting information on persons with the same name. In order to overcome these limitations, this paper defines information related to individuals, i.e., equivalent information, and enables efficient and accurate information collection based on it. Therefore, we present an improved workflow that can extract information related to a specific person, i.e., equivalent information, from OSINT. For this purpose, different workflows are presented according to the person's profile. Through this, effective profiling of a person (individual) is possible, thereby increasing reliability in collecting investigation information. According to this study, in the future, developing a system that can automate the analysis of collected information using artificial intelligence technology can lay the foundation for the use of OSINT in criminal investigations and contribute to the diversification of investigation methods.

Extending Role-based Access Control for Privacy Preservation in Academic Affairs System (교무업무시스템에서의 개인정보보호를 위한 역할기반 접근 제어 확장)

  • Kim, Bo-Seon;Hong, Eui-Kyeong
    • Journal of KIISE:Computing Practices and Letters / v.14 no.2 / pp.171-179 / 2008
  • RBAC (Role-Based Access Control) is an effective way of managing users' access to information objects in enterprise-level and e-government systems. The concept of RBAC is that the access right to an object in a system is not directly assigned to users but is acquired by being a member of a role that is defined in an organization. RBAC is utilized for controlling the access range of privacy, but it does not support the personal legal right of control over information and the right of limited access to the self. Nor does it contain a way of observing the privacy flow that is guided at a legal level. In this paper, an extended RBAC model for protecting privacy is suggested and discussed. Two components, Data Right and Assigning Data Right, are added to the existing RBAC, and the definition of each component is redefined from the aspect of privacy preservation. Data Right in the extended RBAC represents the access right to privacy data. This component provides a way of controlling who can access which privacy data and ensures limitation of the access quantity of privacy. Based on this extended RBAC, implemented examples are presented and the evaluation is discussed by comparing the existing RBAC with the extended RBAC.

A study on Professionalization of Student Protecting Manpower for the Prevention of School Violence (학교폭력예방을 위한 학생보호인력의 전문화방안에 관한 연구)

  • Kim, Sun-Ah
    • Journal of the Society of Disaster Information / v.9 no.1 / pp.87-96 / 2013
  • The purpose of this research is to suggest specialization measures of student protecting manpower for the prevention of school violence in Korea. Therefore, student protecting manpower's legal limitation, insufficiency of professionalism, insufficiency of recruitment standard's suitability, insufficiency of educational training, cooperative problem with related institutions and ethical problems were drawn as the problems of student protecting manpower. The measures for improving those problems are as follows. The first is to revise laws related to school protecting manpower and strengthen systems. The second is to prepare proper standard to recruit student protecting manpower. The third is to establish professional training institution of student protecting manpower. The fourth is to establish close cooperation system with institutions related to student protection. The fifth is to legislate ethics codes of student protecting manpower.

Taxonomy and Countermeasures for Generative Artificial Intelligence Crime Threats (생성형 인공지능 관련 범죄 위협 분류 및 대응 방안)

  • Woobeen Park;Minsoo Kim;Yunji Park;Hyejin Ryu;Doowon Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.2 / pp.301-321 / 2024
  • Generative artificial intelligence is currently developing rapidly and expanding industrially. The development of generative AI is expected to improve productivity in most industries. However, there is a possibility of exploitation of generative AI, and cases that actually lead to crime are emerging. Compared to the fast-growing AI, there is no legislation to regulate generative AI. In the case of Korea, the crimes and risks related to generative AI have not been clearly classified for legislation. In addition, research on the responsibility for illegal data learned by generative AI or the illegality of the generated data is insufficient in existing research. Therefore, this study attempted to classify crimes related to generative AI for domestic legislation into generative AI for target crimes, generative AI for tool crimes, and other crimes based on ECRM. Furthermore, it suggests technical countermeasures against crime and risk and measures to improve the legal system. This study is significant in that it provides realistic methods by presenting technical countermeasures based on the development stage of AI.