• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1437-1446
• /
• 2019

As a result of various personal information leakage incidents, the government implemented enhanced privacy protection measures, and financial companies are making efforts to periodically check whether personal information is misused according to government measures, but the problem of misuse of personal information is still not improved. The purpose of this study is to analyze the results of field experiments using the monitoring system for misuse of personal information and to suggest ways to improve the misuse problem. Based on the specific deterrence theory, this study examined the effects of misuse prevention according to the method of dealing with misusers, and analyzed the relationship between the duties of misusers and their years of service and misuse. It is expected that the analysis results of this study will be used for effective policy establishment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.199-213
• /
• 2018

Since 2008, large-scale personal information breach incidents have occurred frequently. Even though national education, policy, and laws have been enacted and implemented to resolve the issue, personal information breaches still occur. Currently, individuals cannot confirm detailed information about what personal information has been affected, and they cannot respond to the breaches. Therefore, it is desirable to develop various methods for preventing and responding to personal information infringement caused by breach and leakage incidents and move to privacy protection behaviors. The purpose of this study is to create understanding of personal information security and information breach, to present services that can prevent breaches of personal information, to investigate the necessity of and analyze the potential public demand for such services, and to provide direction for future privacy-related information services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1205-1219
• /
• 2019

As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as to protect personal data. EU's PSD2(the second Payment Service directive) became the initiative of the Open Banking trends all over the world, as it is the Mydata policy which protects the data subject's right by empowering the subject to control over the personal data with the right to data portability and promotes personal data usages and transfer. Korean government is now fast adopting EU's PSD2 in financial sector, but there is growing concerns in personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with EU's PSD2 and focus on Personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata Policy will be given.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.251-260
• /
• 2010

Through the convergence of medical services and the IT technique, the patient's personal health information computerization has been rapidly spread with propagation of electronic medical record(EHR). In addition, by entering u-health, the demand of the secondary use for public health, medical research, and medical service using electronic patient health care records are increasing. The personal health information secondary uses for the development of academic medical area and service, are very good thing. But, carelessly to use personal health information, the patient privacy would be damaged. However, there are not yet systematic studies about secondary use of personal health information. Therefore, in this paper, we analyze the difference of the internal and external bill for personal medical data secondary use and propose the direction of the medical service development and preservation of the individual's privacy.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1991.11a
• /
• pp.176-184
• /
• 1991

A realization of a conventional cryptosystem for personal computers using the DSP56001 digital signal processing chip is presented. An improved Lucifer-type algorithm is employed to encrypt, and executed in the DSP56001. The Diffie-Hellman method is employed to generate and distribute the key. The implemented hoard can be plugged in the I/O port of personal computers.

• Electronics and Telecommunications Trends
• /
• v.35 no.6
• /
• pp.88-96
• /
• 2020

As the usability and value of personal information increase, the importance of privacy protection has increased. In Korea, the scope of the use of pseudonymized personal information has increased because of revisions to the law. In the past, security technologies were used to safely store and manage personal information, but now, security technologies focused on usability are needed to safely use personal information. In this paper, we look at issues related to the de-identification and re-identification of personal information. Moreover, we examine the standards and techniques related to the de-identification of personal information.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• The Journal of Society for e-Business Studies
• /
• v.18 no.1
• /
• pp.1-12
• /
• 2013

With the increases of requirement for user identification in Internet services, we should let the service companies know my personal information. If the shared personal information with them are used in not-allowed area or delivered to un-authorized persons, we may have practical harms in several fields such as financial related operations. Korean Government has introduced new management method for personal information, but it is not hard to find the personal information management issues from Korean news papers. The proper measurement should be delivered to related companies to help them to decide investment for security. This paper review the indirect measurement method of demages by check the stock prices of related company for personal information management issue. We check the relationship between change of stock price and the information management issue. The result shows there are no changes in stock market. Korean government added strong regulations for personal information management though. To prevent further personal information issues, we should recognize the indirect damages properly and let the company pay higher reparations for any personal information abuse.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.367-377
• /
• 2012

(Estimating Compensation for Personal Information Infringement) As the value of personal information increases, personal information infringements is more likely to happen. The compensation for personal information infringements needs to be calculated in the process of infringement remedy. However, as personal information is regarded as non-market goods with no exchange price and calculating the remedy for mental sufferings from infringements has no guideline, it is not easy to determine the compensation amount. In this study, we adopt Contingent Valuation Methods (CVM) to analyze Willingness to Accept (WTA) of each type of personal information. Also, this study attempts to examine a standard model for calculating compensation by applying JNSA JO Model of Japan, which is not prepared in Korea. This study does not simply present a plan of estimating compensation. By measuring the value of personal information, it could awaken companies and organizations to the importance of personal information security.

• The Journal of Information Systems
• /
• v.21 no.4
• /
• pp.1-29
• /
• 2012

The purpose of this study was to find about personal information security of internet and social networks by focusing on end users. User competence and subjective criterion, which are the antecedents, are affecting security behaviors For these security behaviors, the study examined the relationship between security behavior intention on internet use and security behavior intention about social network that is actively achieved in many fields. Behaviors of internet and social network were classified into an action of executing security and an action of using a security technology. In addition, this study investigated a theory about motivational factors of personal intention on a certain behavior based on theory of reasoned action in order to achieve the purpose of this study. A survey was conducted on 224 general individual users through online and offline, and the collected data was analyzed with SPSS 12.0 and SmartPLS 2.0 to verify demographic characteristics of respondents, exploratory factor analysis, and suitability of a study model. Interesting results were shown that security behavior intention of social network is not significant in all security behavior execution, which is security performance behavior, and security technology use. Internet security behavior is significant to security technology use but it does not have an effect on behavior execution.