• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.167-172
• /
• 2016

The purpose of this study is to provide implications for preventing insider information leakages in public agencies for national security. First, the study examined the definitions and current usage of information security systems of public agencies were examined. Second, web-service base information leaks and malware-base information leaks were discussed and three major credit card companies' personal information leakage cases were analyzed. Based on the analysis, four solutions were provided. First, information leakages can be protected by using web filtering solutions based on the user, which make possible to limit frequencies of malware exposures. Second, vaccine programs and vaccine management system should be implemented to prevent information leakages by malware. Third, limit the use of portable devices within local networks to prevent information leakages and vaccines programs for malware should be regularly used. Forth, to prevent information leakages by smartphone malwares, data encryption application should be used to encrypt important information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.721-737
• /
• 2014

The Resident Registration Number(RRN) system has been effectively acted as a national identification system since it was enforced. On the other hand, there are some problems such as leakages of personal informations including RRNs on a large scale and each RRN makes a pair with each person in all areas of the society. Nevertheless leakages of them might cause a big damage, there is no radical countermeasure for they are never changed in actual fact. In Republic of Korea, a RRN acts as a primary key of a database, so it has to be protected by severing the connectivity between leaked RRNs and the other personal data. In this paper, the Unconnected Random Personal Identification Number system is proposed for preventing damage of data spills by removing a dependency which the RRN has. Furthermore, this paper suggests the solutions against some potential issues in the system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.881-888
• /
• 2015

Financial Authorities have added security controls to the Electronic Financial Transaction Act and the Supervisory Regulation according to the recent frequent personal credit information leakages. Accordingly, the security level has been upgraded. But it is necessary to study more security controls to add. This paper deduces 19 security controls over the mean value to be added to the financial area receiving 15 security consultant's help.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.275-283
• /
• 2016

Currently Internet and IT infrastructure of Korea has maintained the world's highest levels. But in another aspect, security incident, especially personal information breaches occur frequently. As personal information leakage happened, the companies will be negatively affected. And to prevent this, they have implemented to use a variety of security solutions from information security vendors. Therefore we set up hypotheses that the companies experienced personal information leakage as well as information security companies providing security solutions will be affected by the leakages. So this paper verify hypotheses about the impact of the value of information security companies, through analysing stock price fluctuation of the companies. We found that the stock price of information security companies has increased as personal information leakage happened. And differences according to leakage volumes and types of business are not statistically significant. But there are significant differences according to business classification of information security companies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1037-1055
• /
• 2016

After the enactment of the Personal Information Protection Act, policies and activities for the personal information protection have been actively promoted. However the people are showing negative attitudes about personal information, as the ongoing personal data leakages. Therefore, authors tried to empirical analysis of the effectiveness of national policy on the protection of personal information, using SERVQUAL model, focused on the people's perception, in order to identify that how the people recognized current policy. Authors find that the public has perceived the effectiveness of the policy positively, but the level of their awareness is low. And we identify that the people are highly aware of the policy's effectiveness for Immediacy, Convenience and Responsibility, while they have the lowest effectiveness for Efficiency. The policy's improvement focused on the public's low expectations/perceptions and effectiveness awareness, is required in order to develop people-oriented national privacy policy that are satisfied by the people.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• Journal of the Korean Society of Safety
• /
• v.30 no.2
• /
• pp.77-82
• /
• 2015

When accidents that relate to a large numbers of people occur, such as disasters involving group tours by ship or aircraft, or large-scale chemical leakages, it is very important to know the personal identification of victims and to determine their locations and status. It is true that there will be serious damage or injury to people who engaged especially when information does not transfer properly or people get inaccurate one. In this study, therefore, we analysed the disaster response management system for rescued people of the Sewo ferry sinking accident. Based on the analysis we proposed to improve the real-time disaster management system with ICT(Information & Communication Technology).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1435-1447
• /
• 2015

Finance Companies are operating a security solution such as E-DRM(Enterprise-Digital Right Management), Personal information search, DLP(Data Loss Prevention), Security of printed paper, Internet network separation system, Privacy monitoring system for privacy leakage prevention by insiders. However, privacy leakages are occurring continuously and it is difficult to the association analysis about relating to the company's internal and external distribution of private document. Because log system operated in the separate and independent security solutions. This paper propose a systematic chains that can correlatively analyze business systems and log among heterogeneous security solutions organically and consistently based on security documents. Also, we suggest methods of efficient detection for Life-Cycle management plan about security documents that are created in the personal computer or by individual through the business system and distribution channel tracking about security documents contained privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1271-1282
• /
• 2012

Recently, security incidents occur continuously, resulting in the leakages of a large amount of the company's confidential and private information. For these reasons, the security technologies such as the authentication and the access control in order to prevent the information leakage are attracting attention. In particular, location-based authentication that utilizes the user's current location information which is used an authentication factor. And it provides more powerful authentication by controlling the users who attempt to access and blocks internal information leakage path. However, location information must be handled safely since it is the personal information. The location based authentication scheme proposed in this paper enhances the stability of the process location information compared with existing relevant location-based authentication protocol. Also it strengthens the end-user authentication by using one-time password. In addition, the proposed scheme provides authentication to prevent information leakage and employs the concept of the user's physical access control. Resultingly, the proposed scheme can provide higher security than the previous studies, while guarantee to low communication cost.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.5
• /
• pp.538-547
• /
• 2016

With respect to the factors affecting information security awareness and behavior, the study of the relevance of the concept of optimistic bias is actively used in psychology. In other words, this study examines whether the optimistic bias of individuals affects information security in the field. In this sense, this study attempted to demonstrate the relevance of optimistic bias in information security behavior and awareness. A questionnaire survey was conducted targeting 111 people engaged in domestic private enterprises. The survey results showed that this personalized optimistic bias exists because of empirical factors related to personal security. Optimistic bias affects the security awareness information. The greater the optimistic bias, the lower the awareness and recognition of information security. In other words, optimistic bias affects information security awareness. Reducing the effects of optimistic bias is expected to reduce information security incidents, such as information leakages. However, the variety of information related ethical activities of a company did not have any effect on the information security awareness. Most previous studies have only examined the effect optimistic bias in the field of health. Therefore, this study fills an important gap in research in IT.