• Informatization Policy
• /
• v.19 no.4
• /
• pp.63-82
• /
• 2012

The world's best level of ICT(Information, Communication and Technology) infrastructure has experienced the world's worst level of ICT accident in Korea. The number of major accidents of privacy invasion has been three times larger than the total number of Internet user of Korea. The cause of the severe accident was due to big data environment. As a result, big data environment has become an important policy agenda. This paper has conducted analyzing the accident case of data spill to study policy issues for ICT security from a social science perspective focusing on risk. The results from case analysis are as follows. First, ICT risk can be categorized 'severe, strong, intensive and individual'from the level of both probability and impact. Second, strategy of risk management can be designated 'avoid, transfer, mitigate, accept' by understanding their own culture type of relative group such as 'hierarchy, egalitarianism, fatalism and individualism'. Third, personal data has contained characteristics of big data such like 'volume, velocity, variety' for each risk situation. Therefore, government needs to establish a standing organization responsible for ICT risk policy and management in a new big data era. And the policy for ICT risk management needs to balance in considering 'technology, norms, laws, and market'in big data era.

• Journal of Digital Convergence
• /
• v.11 no.5
• /
• pp.291-298
• /
• 2013

Metering scheme is composed of servers, clients, and an audit agency who collects the information for the clients which have been processed by servers. Although many efficient and secure metering schemes have been proposed in the literature, they do not consider the client privacy issue. To mitigate this limitation of the related work, we propose a metering scheme to protect the privacy of clients in internet. More specifically, we apply RSA based blind signature to the interaction between client and audit agency. If a client spends metering information to the server more than twice, the identity of the client is revealed by the server or audit agency.

• Journal of Advanced Navigation Technology
• /
• v.13 no.2
• /
• pp.272-279
• /
• 2009

A location information used in LBS provides convenience to the user, but service provider can be exploited depending on how much risk you have. Location information can be exploited to track the location of the personal privacy of individuals because of the misuse of location information may violate the user can import a lot of damage. In this paper, we classify the life cycle of location information as collection, use, delivery, storage and destroy and analyze the factors the privacy is violated. Furthermore, we analyze information security mechanism is classified as operation mechanism and policy/management mechanism and propose a security solutions of all phase in life cycle.

• The Korean Journal of Applied Statistics
• /
• v.29 no.6
• /
• pp.1041-1059
• /
• 2016

The increasing demand from researchers and policy makers for microdata has also increased related privacy and security concerns. During the past two decades, a large volume of literature on statistical disclosure control (SDC) has been published in international journals. This review paper introduces relatively recent SDC approaches to the communities of Korean statisticians and statistical agencies. In addition to the traditional masking techniques (such as microaggregation and noise addition), we introduce an online analytic system, differential privacy, and synthetic data. For each approach, the application example (with pros and cons, as well as methodology) is highlighted, so that the paper can assist statical agencies that seek a practical SDC approach.

• Journal of Internet Computing and Services
• /
• v.10 no.2
• /
• pp.29-40
• /
• 2009

The development of information technology such as the internet has brought about rapidly changes the old medical technology, e-Healthcare has been to raise social issue. The e-Healthcare which new turning point of paradigm in the medical information develops the medical policy in Korea and the technology, the prospective of reverse engineering in internet environment is incurring problems such as distribution of critical information and invasion and infringement of privacy, etc. In this research, we suggest the Role Based Access Control System, HPIP-e-Healthcare Privacy Information Protection, for solving above problem. The HPIP is composed 4 mechanisms such as Consolidate User Identity, Hospital Authorization, Medical Record Access Control, Patient Diagnosis and we are also prototyping the HPIP for feasible approach in the real computing environment.

• Journal of Digital Convergence
• /
• v.9 no.5
• /
• pp.99-111
• /
• 2011

Nowadays, the rapid progress and worldwide use of smart-media(SNS) has resulted in coming of the smart media convergence age. In practice, however, the effectiveness of smart media convergence society is limited by the difficulties of using it, which include accessibility, waiting for loading, clutter, old information, privacy risks, expensive communication, etc. The conquest of these difficulties must be policy target of broadcasting and telecommunication for high quality of communication life. From this perspective, this paper proposes a new policy of broadcasting and telecommunication based on the dynamic quality of life for the smart media convergence society. This smart convergence policy will not promote only the development and production of smart media contents but also its stable supply and it will secure the accessibility and privacy. In conclusion, this paper reveals that the components of quality of life are important elements of broadcasting and communication policies which will eventually lead to the popular use of smart media and enhance its quality.

• Informatization Policy
• /
• v.27 no.1
• /
• pp.72-91
• /
• 2020

In this study, we classified SNS into open and closed types, and empirically examined in which SNS activity the privacy paradox holds. The idea comes from the argument that privacy paradox may be observed differently in the open SNS, which is more vulnerable to the leakage of personal information due to public profiles, and the closed SNS, which is relatively less vulnerable by limiting the range of acquaintances, The results of the empirical analysis are as follows. First, in case of SNS usage, the privacy paradox holds in the overall SNS activities, but different conclusions are drawn according to open and closed SNS. In particular, it is found that as privacy concerns increase, individuals respond in a reasonable and desirable way to reduce SNS activity in the open SNS, which is more susceptible to infringement. Second, in the case of SNS activity intensity, (i) heavy users are more seriously aware of the probability of privacy infringement than light users, so there is a reasonable response to reducing the intensive margin with increasing privacy concerns, and (ii) this tendency is more clearly observed in open SNS, which is more vulnerable to privacy infringement. Accordingly, insisting that the privacy paradox is empirically established by observing only the overall SNS activities without distinguishing them into open and closed SNS may be interpreted as a "Fallacy of Composition."

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1212-1219
• /
• 2011

As recently Privacy Acts in Korea enforced in domestic companies' personal information management needs of a growing obligation for the safety measures and the right of personal information collection, use, limitations, management, and destroyed specifically for handling personal information. Such this regulations should be required technical and policy supports. Accordingly, for the enterprise incident has occurred, the personal information management system behave correctly operating to verify that the safety measures taken, and be determined by the specific preparation to be done. So the first, preparation phase corresponds to the upcoming digital forensic investigation model. On the other hand, the response team also carried these measures out correctly, it needs to be done to check the compliance of Privacy Act. Thus a digital forensics investigation model is strictly related with the implementation of the Privacy Acts and improve the coping strategies are needed. In this paper, we suggest a digital forensic investigation model corresponding to Privacy Act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1477-1489
• /
• 2019

In this study, we analyzed the privacy policies of 50 Android applications that are on the top chart in EU members to present the methods for enhancing transparency based on GDPR (General Data Protection Regulation). Based on the guidelines in relation to transparency stipulated in WP29, this study extracted factors of transparency in order to ensure transparency of privacy data processing and carried out the verification procedures for each factor. The results revealed that the privacy policies provided in Google Play Store and applications need to be matched, the descriptions of the privacy policies need to be written in clear and plain language for readers to understand easily. and that it is necessary to provide information quickly and improve the descriptions of information which the data controller discloses. The research findings of this study could be used as a preliminary data for proactive responses to the EU's GDPR by substantially complying with the transparency of GDPR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.195-208
• /
• 2010

As information communication technologies have highly advanced, a large amount of user sensitive information can be easily collected and unexpectedly distributed. For user-friendly services, a service provider requires and processes more user information. However known privacy protection models take on a passive attitude toward user information protection and often involve serious weaknesses. In reality, information exposure by unauthorised access and mistakenly disclosure occurs frequently. In this paper, we study on the applicability of anonymous authentication services for fine-grained user privacy protection. We analyze authentication schemes and classify them according to the level of privacy newly defined in this paper. In addition, we identify security requirements that a privacy protection scheme based on anonymous authentication can achieve within legal boundary.