• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.781-799
• /
• 2024

Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.45-52
• /
• 2017

The Cybersecurity Information Sharing Act(CISA) of 2015, enacted in December 2015, is one of the greatest achievements of cybersecurity legislation in the United States. The promotion of cybersecurity information sharing is one of the tasks to improve cybersecurity governance in Korea. So it is an important issue to be addressed in cybersecurity legislation in Korea in the near future. CISA has many implications for cybersecurity legislation in Korea. Nevertheless, it is difficult to find preceding research that explain the content of CISA and study its normative meaning in Korea. Therefore, in this paper, the contents of the CISA is identified and its normative meaning and implication is found in five categories: definition of terms, establishment of information sharing procedures and conditions, promotion of voluntary information sharing by the private sector, checks on the executive branch and report to the Congress, and other matters. CISA facilitates information sharing based on willingness, while eliminating the side effects that may arise in the information sharing process. It is necessary to appropriately apply the good points of CISA to the cybersecurity legal system in Korea.

• The Journal of the Korea Contents Association
• /
• v.10 no.1
• /
• pp.343-352
• /
• 2010

As a result of comparing and analyzing the related legislation of each nation, more superior legislative systems should be made to cope with a number of terrors effectively. And also it is required to devise some concrete regulations such as the following in superior legislative systems. First, because it is hard to collect information on terrorism and watch over suspects according to Communication Privacy Protection Law. More in-depth discussion into the issue of surveillance is needed for the protection of lives and property, although public concerns of privacy are a valid point of contention. Second, it is necessary to take complementary measures on immigration as surveillance, since the current Immigration Control Law has restrictions in many ways to hinder efforts to root out terrorists. Third, under the current law on financial activities, it is impossible to block influx of terror financing. Therefore it is necessary to come up with ways of making the punishment procedures. Fourth, considering that convicted terrorists get punished under the standard procedures and precedents, it is required to clearly differentiate between what the terror acts are and what terrorist groups are. Fifth, it is necessary to make use of the private security system to enhance the security system of national facilities.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.87-94
• /
• 2018

Privacy means the right not to interfere with the private life of an individual. Bio data is the most private personal information about the person itself, and according to advancement of technology, it is possible to analyze and judge individual as well as identify individual. The Personal Information Protection Act is based on global privacy principles, but the legislation for the protection of bio information has yet to be enacted. Therefore, it is time to protect biometric data as more sensitive information than general personal information. We will review the global privacy discussions for protecting biometric information and propose additional privacy principles and measures for utilization that should be defined in the biometric information protection guideline.

• Korean Security Journal
• /
• no.46
• /
• pp.63-86
• /
• 2016

The object of this study is to propose a study on the Private Investigator usage for Cyber Crime. The latest trend of cyber crime is being evolve in sophisticated and complex way over the global, like internet fraud, cyber gambling, hacking and etc. Hence national investigative authority mobilize high specialized skills and method of criminal investigation by each nation. But it is hard to respond in rapid and effective way because of propoor, distribution of group and insufficient of related legal system. Already in other countries, not considerable amount of services are given to private investigators in detection and tracking part which is inefficient by nation. So it has significantly meaningful to compensate the defect and study about private investigator usage as companion of cooperation policing for effectively respond to cyber-crime. The way to effectively deal with the cyber-crime is reevaluate meaning of partnership policing and need of private investigator usage. Also it is to analyze the main issue about introduction of a system and suggest the effective way of introduction. First, legislation of private investigator usage which is based upon partnership policing should be made up. Moreover, to establish the range of private investigator's business and enhance the reliability, it is to propose introduction of leading professional global certificate and license system with sufficient education and test. We are expecting introduction of private investigator usage can improve efficiency of investigation and promote effective countermeasures of cyber-crime.

• Korean Security Journal
• /
• no.54
• /
• pp.9-35
• /
• 2018

During the recent years, cyber attacks have been increasing both in the private sector and the government. Those include the DDOS cases in 2009, the Blue House cyber attack, bank hackings etc. Cyber threats are becoming increasingly serious. However, there is no basic law related to cyber security at present, and regulations related to cyber security are scattered in various domestic laws. This can lead to confusion in the application of the law and difficult to grasp the regulations related to cyber security. In order to overcome this situation, the bill on the prevention and countermeasures against cyber crisis was initiated in 2006, but it has been abrogated. Since then, it has been repeatedly proposed, but it has been abrogated repeatedly due to the overlapping of existing laws and concerns about infringement of personal information. The most recent initiative was the National Cyber Security Act, which was initiated by the government in January 2017. The act focuses on resolving the absence of a basic law related to cyber security, strengthening its responsiveness in the event of a cyber security crisis, and fostering security strength. Therefore, this study seeks to contribute to the establishment of National Cyber Security legislation as a basic law of cyber security by examining the necessity of National Cyber Security legislation through comparative legal analysis with existing domestic laws related to cyber security and suggesting policy implications.

• Journal of the Society of Disaster Information
• /
• v.19 no.2
• /
• pp.254-261
• /
• 2023

Purpose: With the diversification of modern society, it is difficult to predict crime types, and the limitations of the state's functions, such as human limitations and lack of budget, are increasing. Method: However, as the number of private investigation companies that do not use illegal means to solve the request increased, attempts were made to introduce a public detective system that would manage and supervise it and compensate for the gap in public power. Result: However, due to the nature of the Private Investigator system, legislation has not progressed as the National Police Agency and the Ministry of Justice are at odds with existing laws that guarantee existing jobs such as lawyers and credit research. Conclusion: Therefore, this study analyzes the bills related to the authorized detective to the National Assembly, examines major issues such as the scope of work of the authorized detective business, the selection of management and supervisory authorities, and suggests ways to improve the successful settlement of the Private Investigator system.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.12
• /
• pp.65-84
• /
• 1999

During the past few decades, we have witnessed three approaches to overcome the legal disparities between trading countries: - determining the individual governing law in accordance with the conflict of laws principle; - unifying and harmonizing private international law into uniform rules and substantive laws under the auspices of ICC, UNCITRAL, UNIDROIT and various NGOs ; and - drafting model laws like the UNCITRAL Model Law on Electronic Commerce and promoting member countries to enact them. Against this backdrop, the United Nations Convention on Contracts for the International Sale of Goods (CISG) and the process by which it was adopted, established the benchmark for the unification of commercial law. The CISG, completed in 1980, merged civil and common law concepts and came into force in 1988 after a certain number of countries endorsed the treaty. Besides the CISG, the U.N. Limitations Convention and the UNIDROIT Principles of International Commercial Law, to name a few, have attempted to set cross-border legal norms and standards in the international business transactions. However, since the advent of computer-based commerce, there have emerged all-out efforts to establish uniform rules before national legal systems have been developed. As a consequence, the Model Law on Electronic Commerce has become a specimen legislation covering functional equivalents of paper-based writing and signature. For the credit enhancement exemplified by the Uniform Rules for Demand Guarantees (ICC Publication No.458), the UNCITRAL prepared the U.N. Convention on Independent Guarantees and Stand-by Letters of Credit, which was adopted by the U.N. General Assembly in 1995 but remains still not effective as only two countries have ratified this treaty so far. In this connection, two draft conventions underway at UNIDROIT and UNCITRAL deserve our attention as the probability of unification in the Korean Peninsula is mounting. They are to create security interests for commercial finance in moveable equipment and accounts receivable. The UCC-type security rights are regarded to be useful to enable the North Koreans with limited properties to borrow from the banks.

• Korean Security Journal
• /
• no.49
• /
• pp.187-214
• /
• 2016

In the mordern society, the reliance on the cyber domain and the cyber connectivity has been increasingly strengthened. Due to this phenomenon, the cyberterror against critical infrastructures and state organs might lead to fatal consequences. Lately, North Korea's cyberattacks against South Korea's national organizations and financial computer networks are becoming more and more intelligent and sophisticated. The cyberattacks against such critical infrastructures have caused enormous economic loss and social disorder. This paper is designed to examine comparatively the cyberterror related laws and organizations of the advanced countries such as U.S. and U.K. and to draw implications. Although those countries are under different institutional and cultural backgrounds with varying security envrionments, they are identically pursuing measures by establishing government-wide counterterror system for coordination and cooperation. They are also commonly focusing upon creating new organizations equipped with new system and upon enhancing intelligence performance and devising punishment regulations. Korea is lack of framework laws regulating cyber security, having only scattered individual laws. Since such legal base is far from efficient counterterror activities, it is necessary that the legal and policy response of the advanced countries should be closely studied for selective introduction. That will eventually lead to legislation of cyber security law. With such legislation on hand, it is subsequently required to strengthen crisis management for prevention of cyberterror and to create joint response team, cooperating with private organizations.

• Korean Security Journal
• /
• no.34
• /
• pp.7-32
• /
• 2013

The idea of this study was derived from awareness of local governments and police's limitation on attempts to 'creating safe park'. The purpose of this study is to examine current political measures of preventing various types of possible crimes in the park and the limitation of those policies. Furthermore, this study aims to suggest possible explanations to utilize Private Security Sector for the effective and continuous way of managing park safety by considering legal and practical solutions and its expectations. The methods of analysis used in this study are, first, literature review of current park safety management policies. Second, this article examined implications of strategies of those policies throughout the case study of the USA's park safety policy. Third, this study suggested plans of action and role of Private Security Sector to improve park safety. The results present several arguments for the park safety. First, legislation of mandatory crime preventing programme in the early stages of designing park is required. Introducing the 'park special judicial police system' to the major parks for a immediate response to the crime can be one of suggestions. Moreover, proactive police response systems, such as one of the Seoul Metropolitan Police's policies- 'returning safe parks to a citizen' are required. Second, the case study of the USA regarding park safety confirmed that major parks in the USA have rigorous and detailed park regulations. It also showed that those parks take not only preventing measures, but also follow-up measures against crimes. Third, the results suggest creating human resources by contracting out Park Managers and Private Security Sector that have specialized experiences and techniques to prevent crimes and public disorders. Overall in this study, increased citizen's satisfaction level, control of continuous and systematic crimes, the spread of joint-production of public safety, and increased fields of the Private Security Sector are expected from the findings.