• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• 대한안전경영과학회지
• /
• 제12권4호
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.

• 정보보호학회논문지
• /
• 제19권2호
• /
• pp.117-125
• /
• 2009

일반적으로 컨택센터에서는 고객의 개인정보 취급이 필수적이며, 중요정보자산인 고객의 개인정보를 취급하는 고객정보취급자의 수가 매우 많아, 내부 고객정보 유출 가능성 등의 위협요인이 존재하고 있다. 본 논문에서는 컨택센터의 특성과 위협요인 및 취약점을 분석하였으며, 고객의 개인정보를 효과적으로 보호할 수 있는 방안을 연구하였다. 또한 내부 정보 유출 가능성을 사전에 예방할 수 있는 개인정보 보호 방안을 마련하였다. 그리고 컨택센터의 고객 개인정보보호 방안에 대하여 ISMS (Information Security Management System) 표준을 따르는 "컨택 센터의 고객 개인정보 보호 모델"을 수립하여 제안한다.

• 디지털산업정보학회논문지
• /
• 제8권3호
• /
• pp.33-39
• /
• 2012

Since the passing of the Personal Information Act in March 2011 and its initial introduction in September, over the one year to date diverse security devices and solutions have been flowing into the market to enable observance of the relevant laws. Beginning with security consulting, corporations and institutions have focused on technology-based business in order to enable observance of those laws competitively in accordance with 6-step key procedures including proposal, materialization, introduction, construction, implementation, and execution. However there has not been any investment in human resources in the field of education such as technology education and policy education relative to the most important human resources field nor investment in professionals in the organization for the protection of personal information or in human resources for operating and managing IT infrastructure for actual entire personal information such as special sub-organizations. In this situation, as one process of attracting change from the nature of the technology-based security market toward a professional human resource-based security infrastructure market, it is necessary to conduct research into standardization modeling concerning special organizational composition and a management system for the protection of personal information.

• 융합정보논문지
• /
• 제7권3호
• /
• pp.83-90
• /
• 2017

본 연구의 목적은 기업체의 정보보안 관리자가 모든 임직원들의 개인정보 보유 현황을 인지해야 하는 한계성을 해결하고자 한다. 본 연구에서는 정보보안 관리자와 부서별 정보보안 담당자가 개인별, 부서별 개인정보 보유 현황을 최소화할 수 있도록 효율적인 개인정보 보유 현황 관리시스템을 제안한다. 이를 위해 개인정보 보유 현황의 대상이 되는 점검대상 컴퓨터와 개인정보 보유 현황의 결과를 확인할 수 있는 점검결과를 PVA 시스템으로부터 효율적인 개인정보 보유 현황 관리시스템으로 전송하는 방법에 대해 연구하고, 확인된 개인정보 보유 현황을 최소화할 수 있는 방법에 대해서도 연구한다. 기존 PVA 시스템을 정보보안 관리자가 관리하는 One channel 방식을 정보보안 관리자와 정보보안 담당자가 관리할 수 있도록 Two channel 방식으로 변경하여 개인정보 보유 현황을 최소화한다.

• Asia pacific journal of information systems
• /
• 제22권1호
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of Information Technology Applications and Management
• /
• 제19권3호
• /
• pp.31-47
• /
• 2012

As the dependence on information is increasing, the protection of personal information (PI) becomes a critical issue for the organizations, causing not only financial loss but also negative impacts on corporate images and reputations. To date, academic research in this area is scarce. This study analyzes the factors affecting the establishment and/or implementation of Personal Information Management System (PIMS) and provides direction for the practice. In this study, we assume that PIMS is one of the new technology adopted by organizations, and Unified Theory of Acceptance and Use of Technology (UTAUT) model is selected as a base model for the study. Using structural equation modeling technique, both measurement and structural models are validated, and hypotheses are tested. Major findings of the study include (1) the major driver of the organizations attempting to adopt PIMS seems to be the improvement of the business outcomes, (2) organizational capability and resource are important in the establishment of PIMS, and (3) the perceived difficulty of the establishment of PIMS is not affecting the intention to adopt PIMS. Since the importance of personal information security is high, establishment of PIMS is becoming one of the critical issues in the organizations. The establishment of PIMS should be encouraged to strengthen the competitiveness of businesses and to enhance the security level of the entire nation. It is expected that this study may contribute to developing plans and policies for establishment of PIMS in practice, and to providing a foundation for further research in this area.

• 한국컴퓨터정보학회논문지
• /
• 제20권8호
• /
• pp.35-43
• /
• 2015

Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.

• 정보보호학회논문지
• /
• 제25권6호
• /
• pp.1435-1447
• /
• 2015

금융회사에서는 내부자에 의한 개인정보유출 방지 및 내부통제 강화를 위하여 E-DRM(Enterprise-Digital Right Management), 개인정보검색, DLP(Data Loss Prevention), 출력물보안, 인터넷 망 분리시스템, 개인정보모니터링 시스템 등의 보안 솔루션을 도입 운영하고 있다. 하지만 개인정보유출 사고는 계속해서 발생하고 있으며, 이 기종 보안 솔루션간의 독립적인 로그 체계로 인하여 개인정보문서의 회사 내부유통 및 외부반출 관련한 정합성 있는 유통경로의 연관 분석이 어렵다. 본 논문은 보안문서를 기반으로 하여 업무시스템 및 이 기종 보안 솔루션간의 로그를 유기적으로 정합성 있게 연관 분석할 수 있는 연결고리 체계 방안을 제시하고, 업무시스템을 통하여 개인PC에 생성되는 보안문서나 개인이 작성한 보안문서에 대한 Life-Cycle 관리방안 및 개인정보가 포함된 보안문서에 대한 유통경로 추적을 위한 효율적인 탐지 방안을 제안하고자 한다.

• 정보보호학회논문지
• /
• 제25권3호
• /
• pp.691-701
• /
• 2015

최근 개인정보를 활용하는 서비스가 증가함에 따라 공공기관들의 업무는 개인정보에 대한 의존성이 높아지고 있다. 개인정보의 활용이 불가피한 환경에서 안전한 개인정보 활용을 위해 다양한 정책과 제도를 마련하여 운영하고 있으나 개인정보 침해사고와 그 규모는 지속적으로 증가하고 있는 실정이다. 이에 우리나라는 2008년부터 공공기관의 개인정보 보호법 준수 여부와 관리수준을 진단하고 미흡한 사항에 대해 개선활동을 수행하기 위한 개인정보보호 관리수준 진단을 시행하고 있다. 그러나 관리수준 진단 결과가 높은 점수임에도 불구하고 끊이지 않는 침해사고로 인하여 진단 결과와 실제 관리수준에 대해 실효성 측면에서의 문제가 제기되고 있다. 따라서 본 연구에서는 공공기관들의 개인정보보호 활동과 기반마련에 대한 효율성을 DEA 모형으로 분석하고, 도출된 효율성을 개인정보보호 관리수준 진단 결과에 반영하여 진단 결과의 효과성과 효율성을 높이기 위한 새로운 모델을 제안하고자 한다.