• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.51-74
• /
• 2020

Purpose Since the number of personal information breach incidents increased, many people have perceived the importance of personal information protection, in the recent. Especially, the number of personal information breach targeting middle-aged and elderly people rapidly increases. Therefore, the purpose of this study is to identify the factors which influence to fail of online information security behaviors among the elderly. Design/methodology/approach This study made a research model by adopting the factors deducted from the protection motivation theory. To analyze the research model, we conducted an online survey targeted on the elderly and middle ages users who have nations of Korean and Chinese respectively. Findings According to the empirical analysis result, we identified that only perceived severity and perceived vulnerability affected information security awareness. On contrast, it was also discovered that perceived barriers, self-efficacy, and response efficacy did not affect information security awareness. Additionally, the awareness of information security also did not affect information security behaviors. Middle-aged and elderly people with personal information protection education did more information security behaviors than people those who no education experiences. Korean middle-aged and elderly people with education significantly did more information protection behaviors than the people without the education.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Convergence Security Journal
• /
• v.14 no.3_2
• /
• pp.3-12
• /
• 2014

The government was fully aware of the gravity of a recent massive leak of personal information of credit card users. Meanwhile, the government just took a light disciplinary action by imposing a fine, but it showed its intention to strengthen the regulations by taking the severest disciplinary action. The tightened regulations against personal information leak will be applied to the private security industry without exception to protect individual people's property and lives if such an incident occurs in that industry that deals with a wide variety of personal information such as CCTV data or privacy information all the time. The purpose of this study was to examine the state of the protection and management of personal information for service users among private security firms in an effort to suggest some reform measures. The findings of the study were as follows: First, administrators or managers who are involved with personal information protection should make a full-fledged effort to gather information. Second, counseling or related programs should be provided for small and mid-sized security firms to guarantee thorough personal information protection. Third, Korea Security Association should improve the educational system related to personal information protection to resolve problems with this education currently provided for managers and employees of these companies.

• Journal of Digital Convergence
• /
• v.19 no.12
• /
• pp.125-132
• /
• 2021

This study analyzed the multi-mediating effects of information security, personal information infringement, personal experience, and information security intention in the relationship between personal information protection and information security attitude. For this purpose, a survey was conducted on 221 students from G University. First, information security, personal information infringement, and information security awareness had a simple mediating effect. Second, information security, personal information infringement, personal experience, and information security consciousness had parallel multi- mediation effects. Third, personal information infringement and information security awareness had a simple mediating effect in the parallel multiple mediation state. Fourth, information security had a simple mediating effect, but it was found that there was no simple mediating effect in the parallel multiple mediation state. This study is meaningful in that it empirically compared the simple and multi-mediation effects.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.907-909
• /
• 2012

주민등록번호는 주민생활의 편익 증진과 행정사무의 적정한 처리를 목적으로 도입되었으나 인터넷의 발달과 함께 관행적이고 무분별하게 사용되어 왔다. 수집된 주민등록번호가 해킹 등의 유출사고로 명의도용 등 범죄에 악용될 우려가 커지자 이를 근본적으로 해결하기 위하여 2011년 방송통신위원회는 인터넷상 주민등록번호 수집 이용을 제한하는 법 제도적 정책을 추진하였다. 정보통신망법이 개정되어 주민등록번호의 사용이 제한되면서 사업자에게 본인확인, 연령확인 등 법률의무의 이행이나 고객의 분쟁조정 등 목적을 위해 주민등록번호를 대체할 본인확인수단이 필요하게 되었다. 본 논문에서는 주민등록번호를 이용자가 입력하지 않으며 보편적으로 사용하고 있는 인프라를 이용하고 단순한 입력정보의 변경을 통해 본인확인을 할 수 있는 방안을 제안한다.

• Journal of Korean Society for Quality Management
• /
• v.39 no.3
• /
• pp.432-443
• /
• 2011

The purpose of this research is to understand users' information protection behavior on personal information security from health psychology theory perspectives. Empirical results indicate that users' information protection behavior on personal information is predicted by perceived threat and perceived responsiveness. Perceived threat is determined by perceived susceptibility and perceived severity. Perceived responsiveness is determined by response efficacy and self-efficacy, but response cost is not significant. These findings provide an enriched understanding about users' information protection behavior on personal information security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1245-1255
• /
• 2015

As cloud computing services become popular, the concern on the data security of cloud services increases and the efforts for the data security become essential. In this paper, we describe the pros and cons of cloud computing including the definition of cloud. Then, we discuss the regulations about the protection of user data defined in cloud promotion act. Previous studies related to the privacy protection and the entrustment of personal information in cloud computing are reviewed. We examine how to store the personal information depending on the cloud service model. As a result, we argue that the entrustment of personal information should vary according to the cloud service model and we propose how to protect the personal information on IaaS and SaaS cloud service models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.781-797
• /
• 2013

Nowadays, it is increasing that corporates consign tasks related to the personal information processing to the consignees for efficiency and quality improvements and cost reductions. As the consignments are increased, there are increases on types and amounts of personal information. Therefore, the needs on the information managements and the security threats are increased. This report will analyze the laws that consignors and consignees should follow. Moreover, it identifies issues and analyzes the current levels on consignees in terms of the personal information protection so that the consignors can come up with the best and efficient way to monitor the consignees when they consign the personal information processing tasks.