• Korean Security Journal
• /
• no.18
• /
• pp.169-190
• /
• 2009

Today, the rapid advance of scientific technologies has brought about fundamental changes to the types and levels of terrorism while the war against the world more than one thousand small and big terrorists and crime organizations has already begun. A method highly likely to be employed by terrorist groups that are using 21st Century state of the art technology is cyber terrorism. In many instances, things that you could only imagine in reality could be made possible in the cyber space. An easy example would be to randomly alter a letter in the blood type of a terrorism subject in the health care data system, which could inflict harm to subjects and impact the overturning of the opponent's system or regime. The CIH Virus Crisis which occurred on April 26, 1999 had significant implications in various aspects. A virus program made of just a few lines by Taiwanese college students without any specific objective ended up spreading widely throughout the Internet, causing damage to 30,000 PCs in Korea and over 2 billion won in monetary damages in repairs and data recovery. Despite of such risks of cyber terrorism, a great number of Korean sites are employing loose security measures. In fact, there are many cases where a company with millions of subscribers has very slackened security systems. A nationwide preparation for cyber terrorism is called for. In this context, this research will analyze the current status of Korea's cyber security systems and its laws from a policy perspective, and move on to propose improvement strategies. This research suggests the following solutions. First, the National Cyber Security Management Act should be passed to have its effectiveness as the national cyber security management regulation. With the Act's establishment, a more efficient and proactive response to cyber security management will be made possible within a nationwide cyber security framework, and define its relationship with other related laws. The newly passed National Cyber Security Management Act will eliminate inefficiencies that are caused by functional redundancies dispersed across individual sectors in current legislation. Second, to ensure efficient nationwide cyber security management, national cyber security standards and models should be proposed; while at the same time a national cyber security management organizational structure should be established to implement national cyber security policies at each government-agencies and social-components. The National Cyber Security Center must serve as the comprehensive collection, analysis and processing point for national cyber crisis related information, oversee each government agency, and build collaborative relations with the private sector. Also, national and comprehensive response system in which both the private and public sectors participate should be set up, for advance detection and prevention of cyber crisis risks and for a consolidated and timely response using national resources in times of crisis.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.99-108
• /
• 2011

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.663-666
• /
• 2012

Since September 30 2011, depending on Personal Information Protection Act article 29 and Act standard securing personal information safety the fifth clause of article 7, in case personal information manager of public and private enterprise saves unique indentifying information to internal network, the manager can enforce that decide checking of cryptographic application and a range of application following risk analysis criteria result. Until December 31 2012, enterprises complete the application of cryptographic technology or the equivalent. The paper is research and development on supporting tool that suggest risk analysis criteria based on personal information risk analysis criteria that be provided by MOPAS(Ministry Of Public Administration and Security) and KISA(Korea Internet Security Agency) for personal information processing.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.147-159
• /
• 2023

Recently, Chat GPT artificial intelligence (AI) is of keen interest to all governments, companies, and military sectors around the world. In the existing era of literacy AI, it has entered an era in which communication with humans is possible with generative AI that creates words, writings, and pictures. Due to the complexity of the current laws and ordinances issued during the recent national crisis in Korea and the ambiguity of the timing of application of laws and ordinances, the golden time of situational measures was often missed. For these reasons, it was not able to respond properly to every major disaster and military conflict with North Korea. Therefore, the purpose of this study was to revise the National Crisis Management Basic Act, which can act as a national tower in the event of a national crisis, and to promote artificial intelligence governance by linking artificial intelligence technology with the civil, government, military, and police.

• The Korean Journal of Archival Studies
• /
• no.18
• /
• pp.281-315
• /
• 2008

This paper reviews recent records issues surrounding former president Roh Moo-Hyun's private possession of the copies of the presidential records in Korea. While the former president transferred his records to the National Archives of Korea, he copied his electronic presidential records and kept them in his house after the term. His retention of the "records copies" arouse critical records issues and criminal charges. In this paper, I examined the definition of presidential records and legal status of records copies, authenticity of electronic copies of public records in public and private records systems, nature and scope of presidential privilege of access to his records, and most importantly, political neutrality of national archives. I examined these issues comparing with foreign experience, especially that of the United States which has the Presidential Records Act like Korea. All issues are examined in the professional spirit of archives principles and archives ethics. Legal status of the electronic copies of presidential records is not firmly established and the criminal charge seems groundless. However, it is against public archives principles and ethics that private former president privately possesses and manages private information and national security information held in the electronic copies of the presidential records. Presidential Records Act of Korea provides an effective tool to protect the presidential records for 15 years and it should be respected. It is time to consolidate the public records management institutions in Korea, not to disintegrate them.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.1-16
• /
• 2011

A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

• Korean Security Journal
• /
• no.48
• /
• pp.35-56
• /
• 2016

The purpose of this study is to find the development of the special security business plan based on the problem that guards are now aware of special security service. In order to achieve the objectives of this study, we analyzed the data after expert survey and interview conducted by seven experts engaged in special security services more than 10 years. The guard who perform special security service proposed a development plan of special security services as follows. First, the current education system for new employees' training is required to improve the educational program of 60 hours in subjects related to special security duties by reorganization. Second, the special security service training for guards also appropriate to switch to 9-hour training program for three months through an educational organization controlled by country. Third, the special security guards should be proceeding the practical programs required in the field and quality education in the different section by competent and professional instructors. Fourth, the retirement age for special security guard stipulated in the Security Services Industry Act that needs to be readjusted upward by considering the social environment. Sixth, there needs to be organized the Special Security Association for development associated with the special security service and to protect the rights of special security guards.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.21-38
• /
• 2017

It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.781-799
• /
• 2024

Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.