• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• Journal of Convergence for Information Technology
• /
• v.9 no.7
• /
• pp.14-24
• /
• 2019

It is necessary to look into multiple subjects, such as effectiveness, laws and polices of blockchain in order to easily accept blockchain technology in small and mid-sized enterprises(SME). This study analyzes the positive effects of applying the block chain to SMEs, examines the laws and policies required to apply them, and identifies the tasks. As a result, we confirmed that it can create positive effects such as optimizing supply chain management, simplifying import and export process documents, improving product quality, facilitating flow of funds, and improving transaction reliability. Also, we confirmed that it is necessary to improve the basic law of electronic transaction, electronic commerce law, electronic financial transaction law, personal information protection legislation, and needs policy supplement for platform development, education system for SMEs, transaction standardization guidelines, tax reduction policy, and block chain research and development. More extensive practical research and specific individual legal studies are needed in the future.

• Industry Promotion Research
• /
• v.8 no.2
• /
• pp.21-27
• /
• 2023

This study studies the policies and use cases of the government and the financial sector for artificial intelligence, and the future policy tasks of the financial sector. want to derive According to Gartner, noteworthy technologies leading the financial industry in 2022 include 'generative AI', 'autonomous system', 'Privacy Enhanced Computation (PEC) was selected. The financial sector is developing new technologies such as artificial intelligence, big data, and blockchain. Developments are spurring innovation in the financial sector. Data loss due to the spread of telecommuting after the corona pandemic As interests in sharing and personal information protection increase, companies are expected to change in new digital technologies. Global financial companies also utilize new digital technology to develop products or manage and operate existing businesses. I n order to promote process innovation, I T expenses are being expanded. The financial sector utilizes new digital technology to prevent money laundering, improve work efficiency, and strengthen personal information protection. are applying In the era of Big Blur, where the boundaries between industries are disappearing, the competitive edge in the challenge of new entrants In order to preoccupy the market, financial institutions must actively utilize new technologies in their work.

• Korean Security Journal
• /
• no.56
• /
• pp.145-163
• /
• 2018

Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.368-372
• /
• 2002

Channel of distribution of contents of digitalised multimedia contents is changing in form passed directly to consumer from manufacturer through digital network of high speed. Together, diffusion of various digital equipment that do is changing Past multimedia consumption structure with the wonderful speed so that can consume easily digital contents. Specially, Multimedia Personal Computer and fast diffusion of a digital television are acting role such as catalyst that promote easy purchase and consumption of multimedia contents of good qualify. However, this system is no method that can sell digital contents and express right that original owner for the contents can insist nothing but consume. Because consumer can distribute to another person copying contents that buy because of and user can distribute producing ashes again according to necessary field by oneself as well as, can lose meaning for original contents. In this paper, Text editing system for XrML (extensible Rights Markup Language) that describe about integrity of message and entity authentication in addition to necessary rights, fees, condition etc. and this to do fetters XML (eXtensible Markup Language) for copyright protection for digital contents in treatise that see hereupon and use digital contents design and embody.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.227-230
• /
• 2013

Financial transactions using a mobile terminal and the Internet is activated, it is a stock exchange enabled using mobile devices and the Internet. Koscom in charge of IT operations of securities transaction-related in (securities ISAC), to analyze the vulnerability of information security related to securities transactions, which corresponds to running the integrated security control system. Online stock trading is a subject to the Personal Information Protection Act, electronic systems of related, has been designated as the main information and communication infrastructure to, damage financial carelessness of the user, such as by hacking is expected to are. As a result, research on the key vulnerabilities of information security fields related to securities business cancer decoding of the Securities and Exchange packet, through the analysis of security events and integrated security control is needed.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.40 no.3
• /
• pp.116-122
• /
• 2017

Advances in information technology, communication and network technology are radically facilitating digital convergences as the integration of human, equipment, and space in the current industry 4.0 era. In industry 4.0 environment, the vast amount of information with networked computing technology can be simultaneously accessible even in limited physical space. Two main benefit points out of these information are the convenience and efficiency in their online transactions either buying things online or selling online. Even though there exist so many benefits that information technology can create for the people doing business over the internet there is a critical problem to be answered. In spite of many such advantages, however, online transactions have many dysfunctions such as personal information leakage, account hacking, and cybercrime. Without preparing the appropriate protection methods or schema people reluctantly use the transaction or would find some other partners with enhanced information security environment. In this paper we suggested a novel selection criteria that can be used to evaluate the reliable means of authentication against the expected risks under on-going IoT based environment. Our selection criteria consists of 4 steps. The first step is services and risk identification step. The second step is evaluation of risk occurrence step. The third step includes the evaluation of the extent of damage. And the final step is the assessment of the level of risk. With the help of the above 4 step-approach people can systematically identify potential risks hiding in the online transactions and effectively avoid by taking appropriate counter actions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.8
• /
• pp.2827-2848
• /
• 2021

Mobile Crowdsourcing (MCS) has become an emerging paradigm evolved from crowdsourcing by employing advanced features of mobile devices such as smartphones to perform more complicated, especially spatial tasks. One of the key procedures in MCS is to collect answers from mobile users (workers), which may face several security issues. First, authentication is required to ensure that answers are from authorized workers. In addition, MCS tasks are usually location-dependent, so the collected answers could disclose workers' location privacy, which may discourage workers to participate in the tasks. Finally, the overhead occurred by authentication and privacy protection should be minimized since mobile devices are resource-constrained. Considering all the above concerns, in this paper, we propose a lightweight and privacy-preserving answer collection scheme for MCS. In the proposed scheme, we achieve anonymous authentication based on traceable ring signature, which provides authentication, anonymity, as well as traceability by enabling malicious workers tracing. In order to balance user location privacy and data availability, we propose a new concept named current location privacy, which means the location of the worker cannot be disclosed to anyone until a specified time. Since the leakage of current location will seriously threaten workers' personal safety, causing such as absence or presence disclosure attacks, it is necessary to pay attention to the current location privacy of workers in MCS. We encrypt the collected answers based on timed-release encryption, ensuring the secure transmission and high availability of data, as well as preserving the current location privacy of workers. Finally, we analyze the security and performance of the proposed scheme. The experimental results show that the computation costs of a worker depend on the number of ring signature members, which indicates the flexibility for a worker to choose an appropriate size of the group under considerations of privacy and efficiency.

• Journal of Arbitration Studies
• /
• v.11 no.1
• /
• pp.217-245
• /
• 2001

Like traditional commerce, disputes are bound to arise in the course of conducting an e-commerce transaction. At present of June 30, 2001, 259 cases of dispute on e-commerce have been applied for the mediation of Electronic Transaction Dispute Mediation Committee, types of them are 170 cases of delayed delivery of commodity, 21 cases of contract cancellation and refund, 16 cases of personal information protection, 16 cases of false and exaggerated advertisement, 14 cases of commodity defect. The settlement systems of e-commerce dispute are litigation and Alternative Dispute Resolution(ADR). ADR encompasses mediation, arbitration, and similar private tools for resolving disputes. ADR offers many perceived advantages. Speed of resolution and low cost are often cited as the primary benefits. Therfore e-commerce disputes may be settled more effectively by litigation. The settlement systems of e-commerce dispute by ADR are the mediation of Electronic Transaction Dispute Mediation Committee, the mediation of Consumer Dispute Mediation Commercial Arbitration Board, and the arbitration of Korean Commerical Arbitration Board. E-commerce sets up the probability that its merchants and customers will not exist in the same legal jurisdictions. The confusing application of laws and wide geographical dispersion of these parties will necessitate a faster and cheaper dispute resolution methodology. Therefore, online ADR may be effective for e-commerce dispute resolution. The examples of online ADR opetation are the cyber mediation of Electronic Transaction Dispute Resolution Committee, the cyber mediation of Korean Commercial Arbitration Board, the cyber mediation of Click N Settle, the online ADR of BBB online, and the cyber arbitration of virtual Magistrate.