• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.317-326
• /
• 2012

Internet service provider is able to collect personal information to prevent the violations of the rights of service providers and customers using internet. But there are still many debates going on between a personal privacy and a regulation. Proxy servers are used in various technical purposes include bypass access. Although the proxy server users are increasing but there are not any proper institutional mechanisms and regulations to protect users. In this study, we discuss the two sides of a proxy service includes its privacy protection function and the cyber-crime threat and propose supplementary measures to mediate between the interests of public and private.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.691-701
• /
• 2015

Recently, with the growing number of services using personal information, government offices' tasks have become more dependent to personal information. Various policies and systems have been made and managed for the safe use of personal information in the circumstances that inevitably require the use of personal information, but the personal information privacy incidents and their scale are on a constant increase. Thus, Korea has been implementing personal information protection management system since 2008 to examine whether public organizations observe the personal information protection act and to how well they manage the personal information, and to improve what is insufficient in the process. However, despite high scores of the outcomes of the system, questions about the effectiveness of the outcomes and about the actual manage level are being raised. Thus, this study seeks to analyze public organizations' activities to protect personal information and the effectiveness of their foundation efforts for them by using the DEA model, and to propose a new model to enhance the effectiveness of the outcomes of personal information protection management system by reflecting them into the outcomes of system, using the derived effectiveness.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.113-120
• /
• 2021

The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

• Informatization Policy
• /
• v.28 no.1
• /
• pp.64-76
• /
• 2021

The purposes of this study are to identify factors that affect personal information protection activities from the perspective of personal information managers and explore ways of promoting such activities. The main factors examined by threat and response assessments were selected based on the protection motivation theory, and the effects of each factor were analyzed using a multinomial logit model. The analysis results show that small-scale personal information managers need to be provided with both educational support to enhance their awareness and technical support, such as protection inspection tools, to help them carry out their own personal information protection activities. Personal information managers larger than a certain size also require tax support, including tax cuts, to support their budgets for and investments in personal information protection activities. In addition, they need professional education that emphasizes practice.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.151-159
• /
• 2014

Recently, spread of large amount Smartphones made users to download location-based service applications, which provided by application developers. These location-based service applications are convenient tool for users. Location-based service use technology to find location of user and provide information of user's location. Leakage of information of user's location and expose of privacy life raised new controversy. In this thesis, it will analyze relations of increase of Smartphone market, usage of Location-based service and severity of personal information leakage. Also, it will analyze examples of user's case of damage which caused by leakage personal information and find solutions to reduce damage of personal information leakage. In research, it will find cases of damage that cause by Location-based service. Also it will analyze and research cases of damage and present with graph and chart. In conclusion, to reduce and prevent from damage which caused by leakage personal information, it is important that users and application developers to realize danger of private and personal information leakage. Also, user's personal information must deal with cautiously and application developers have to research and develop the application with powerful security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.207-214
• /
• 2014

Recently, smartphone spyware resembles various types of virus components in PCs and has trends getting more and more severe. Users do not perceive the risk factors severely even if smartphone security is very vulnerable in spite of the smartphone spyware growth. Thus, this study observes the influence of information security in selecting smartphone based on the personal inclinations and spyware perceptions. The main variables of study model are such as the degree of personal risk-accepting and the risk of smartphone spyware as independent variables and smartphone purchasing intention as a dependent variable. The model is tested using SPSS 21 packages on the effective 200 samples gathered through questionnaire survey on the present smartphone users. As a result, the two main hypotheses which are "the degree of personal risk-accepting will influence on the perceiving risk of smartphone spyware" and "the perceiving risk of smartphone spyware will influence on smartphone purchasing intention" were significant statistically. Therefore, we could find out information security's influence on the selecting smartphone.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.5
• /
• pp.548-574
• /
• 2009

Personal information (hereinafter referred to as "PI") infringement has recently emerged as a serious social problem in Korea. PI infringement in the public and private sector is common. There were 182,666 cases of PI in 2,624 public organizations during the last three years. Online infringement cases have increased. PI leakage causes moral and economic damage and is an impediment to public confidence in public organizations seeking to manage e-government and maintain open and aboveboard administration. Thus, it is an important matter. Most cases of PI leakage result from unsatisfactory management of security, errors in home page design and insufficient system protection management. Protection management, such as encryption or management of access logs should be reinforced urgently. However, it is difficult to comprehend the scope of practical technology management satisfied legislation and regulations. Substantial protective countermeasures, such as access control, certification, log management and encryption need to be established. It is hard to deal with the massive leakage of PI and its security management. Therefore, in this study, we analyzed the conditions for the technical protection measures during the processing phase of PI. In addition, we classified the standard control items of protective measures suited to public circumstances. Therefore, this study provides a standard and checklist by which staff in public organizations can protect PI via technical management activities appropriate to laws and ordinances. In addition, this can lead to more detailed and clearer instructions on how to carry out technical protection measures and to evaluate the current status.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.513-528
• /
• 2018

In a smart home environment that integrates IoT technology into a residential environment, the smart home hub provides convenience functions to users by connecting various IoT devices to the network. The smart home hub plays a role as a gateway to and from various data in the process of connecting and using IoT devices. This data can be abused as personal information because it is closely related to the living environment of the user. Such abuse of personal information may cause damage such as exposure of the user's identity. Therefore, this thesis analyzed the threat by using LINDDUN, which is a threat modeling technique for personal information protection which was not used in domestic for Smart Home Hub. We present evaluation criteria for smart home hubs using the Common Criteria, which is an international standard, against threats analyzed and corresponding security requirements.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.6B
• /
• pp.551-560
• /
• 2006

Security in WPAN is one of the most fundamental issues to overcome the barrier of wireless environment. Although piconet security mechanisms have been defined in the WPAN standards, many remains open and are left for implementation. Koinonia is a high-rate Wireless Personal Area Network (WPAN) technology, and is developed for multimedia traffic transmission in personal area. In Koinonia WPAN, a piconet consists of one master and more than one slave, and piconet security mechanisms is not defined at all. Therefore, we propose a robust piconet security mechanism for secure communications between slaves in a piconet. Based on security requirements analysis, our proposed protocols are shown to meet the security needs for Koinonia high-rate WPAN.