• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.93-106
• /
• 2015

Providing trading partners with personal information to establish an e-commerce financial transaction is inevitable. Most e-commerce companies keep personal information and transaction data for user's convenience and develop additional services as their applications. However, keeping personal information increases the likelihood of identity theft causing direct or indirect damage while it may simplify repetitive financial transactions. This study introduces risk management methods based on quantitative and qualitative analysis including demand-supply curve model and Gordon & Loeb model to analyze the risks for security management. The empirical analysis with survey results from KISA (Korea Information Security Agency) shows that the root cause of different statistics of personal information leakage incidents according to core business of internet companies is the difference in their Loss Expectancy caused by them. Also we suggest disciplinary compensation and higher standard for personal information protection as a solution to prevent the variation of investment on it between individual companies.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.67-75
• /
• 2021

As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.681-694
• /
• 2018

This paper studied the effects of risk cognition of personal information and self-expression information on conation of privacy protection. In the first study, 88 college students who volunteered for this research were surveyed about risk cognition of personal information and conation to protect it. In the second study, after an information-seeking expert collected and organized the self-expression information that 88 volunteers had expressed on SNS, and then showed the organized self-expression information to 88 volunteers, and then 88 volunteers were surveyed about risk cognition of self-expression information and conation to protect it. As results of the first data analysis, the risk cognition of personal information had the greatest influence on non-disclosure of personal information, followed by reduction of the disclosure scope and law institutionalization requirement. As results of the second data analysis, SNS users openly expressed their opinion or life-style, but when they realized that self-expression information can be accumulated and become sensitive information, they had conation to protect their self-expression information such as non-disclosure, reduction of disclosure scope, and law institutionalization requirement. The implication of this study is that we have overcome the limitations of existing researches that can not explain information protection behavior on SNS.

• Journal of Korean Society of Occupational and Environmental Hygiene
• /
• v.23 no.2
• /
• pp.57-64
• /
• 2013

Objectives: Skin exposure to diisocyanates may be an important risk factor for respiratory sensitization to leading asthma. However little is known about the extent of worker's diisocyanates skin exposure and the effectiveness of personal protective equipments in polyurethane foam manufacturing companies. This study provides data on diisocyanates skin exposure, surface diisiocyantes contamination of foams and the effectiveness of personal protective gloves in five polyurethane foam manufacturing companies. Materials and methods Colorimetric SWYPE pads are used for the determination of diisocyanates on surfaces of workers skin and polyurethanes foams. Results: The forearms, necks and faces of workers in polyurethane foam manufacturing companies were found to be contaminated with diisocyanates. Heavy contamination with uncured diisocyanates at large block foams surfaces were found. Personal gloves of workers for skin protection showed significant penetrations by diisocyanates. Conclusions: We found that all workers in polyurethane foam manufacturing companies could be exposed to diisocyanates by skin exposure. Also further researches which would better quantify skin exposure are needed.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

• Journal of dental hygiene science
• /
• v.17 no.2
• /
• pp.99-107
• /
• 2017

The purpose of this study was to identify knowledge awareness, and performance of dentist and dental staff regarding protection of patient's personal information. In addition, this research was conducted to highlight the importance of protection of patient's personal information and provide a guideline for establishing measures in this regard. A survey was conducted on 506 dentists or dental staff working in Seoul, Gyeonggi and Chungcheong provinces. The data was analyzed using t-test, one-way ANOVA, $x^2$, Pearson's correlation coefficient, and Scheffe test, using the PASW Statistics ver. 18.0 program. We found that the participants' knowledge and perception of the protection of patient's personal information were relatively low compared to those of other professionals. Such knowledge and perception were especially and significantly low in dental hygienists. In addition, a high level of knowledge and awareness showed a positive correlation with the extent of performance. Therefore, it is important that dentists and dental staff are aware of issues regarding the protection of patients' personal information. For this purpose, educational and training programs on such issues appear essential.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• Journal of Fashion Business
• /
• v.20 no.1
• /
• pp.53-68
• /
• 2016

The purpose of this research was to evaluate the possibility of sustainable development of online advertisements conducted by fashion companies. Factors composed of sustainable development indexes of online advertisement that had been developed in previous studies were identified, and then the relevance between purchase intention and advertisement experience was evaluated. An online survey of 573 persons in the 20 to 40 age range who own mobile phone and have experienced online advertisements of a fashion brand or a fashion company was conducted. The data collected from the survey and the results are as follows. First, the validity and reliability from confirmatory factor analysis of six factors (namely, personal information protection, web use infringement, advertisement expression harmfulness, advertisement expression objectivity, emotional responsibility, and environment-friendly) and 21 questions was confirmed. Second, it confirmed that consumers gave low points to the evaluation of sustainable development indexes of online advertisement of fashion companies. In particular, that consumers gave low points with regard to both environmental friendliness and web use infringement. Third, it was identified that personal indexes such as personal information protection, web use infringement, and indexes relating to advertisement expressions do not directly influence the consumer's purchase intention. However, social indexes like emotional responsibility and environmental friendliness do have an influence on the consumer's positive action intention.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.

• The KIPS Transactions:PartC
• /
• v.14C no.7
• /
• pp.545-552
• /
• 2007

P3P(Platform for Privacy Preference) that is used in the World Wide Web is a standard to define and negotiate policies about definition, transmission, collection, and maintenance of personal information. Current P3P standard provides methods that define client personal information protection policy and P3P policy associated with web server. It also provides a method that compares these two policies. The current P3P standard, however, does not handle detail functions for safe transmission of the personal information and data. Also, it does not handle problems that can be induced by the detail functions. In this paper, in order to solve these problems, we propose a Secure P3P(S-P3P) protocol, which is a security protocol for the current P3P standard, offers mutual authentication between the web server and the client, and guarantees integrity and confidentiality of the messages and data. Furthermore, a S-P3P protocol provides non-repudiation on transmission and reception of personal information that is transmitted from the client to the web server.