• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Journal of Digital Convergence
• /
• v.15 no.9
• /
• pp.1-14
• /
• 2017

As we enter the era of big data, the value of personal information is becoming ever more important. However, personal information protection laws in Korea have several issues. Furthermore, existing research are limited in their ability to facilitate a comprehensive understanding of measures to improve personal information protection laws. Accordingly, this study analyzes improvements to be made in the current personal information protection laws based on existing research. A total of 39 research articles discussing the problems of the personal information protection law were selected and analyzed by applying the meta - analysis technique. According to the results, the various issues such as the meaning and scope of personal information, the role and obligations of relevant parties, provision of personal information to third parties, and redundant and imbalanced regulations in special acts in each field. that exist in the current personal information protection laws were confirmed. This study contributes to the improvement of inconsistency between information protection laws and related special laws in each field in practice. Academically, it will contribute to understanding the problems of th law from the macro perspective and suggesting the integrated improvement ways of the law.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.107-113
• /
• 2012

Recently, according to the establishment of personal information protection Act, the public and private organizations are taking a step to protect personal information rights and interests by employing the technical methods such as the access control mechanism, cryptography, etc. The result of the personal information leakage causes a serious damage for the organization image and also has to face with the responsibility by law. However, applying access control and cryptographic approach on the personal information item for every connection to large database system causes significant performance degradation in a large database system. In this paper, we designed and implemented the light weight system using JVM (Java Virtual Machine) for the Oracle DBMS environment which the concurrent transaction occurs many, thereby the proposed system provides the minimum impact on the system performance and meets the need of personal information protection. The proposed system was validated on the personal information protection system which sits on a 'A' public organization's portal site and personnel information management system.

• Convergence Security Journal
• /
• v.6 no.2
• /
• pp.31-42
• /
• 2006

In this paper, we proposed an integrated infrastructure for optimal information security to resolve these kinds of problems and to implement more powerful protection. The proposed infrastructure presents a security framework, provides a functional mechanism, and implements a scheme for information security based on the design concept of integrated structures. In order to ensure effective malicious traffic blocking, this paper emphasizes that a comprehensive approach through infrastructure improvement and combination of scanning tool is the only measure for preparing against today's environment of virus infiltration. The proposed model is a measure developed at a time when a permanent technological solution to virus is yet to be developed. A performance analysis model is developed and the performance is evaluated through the case studies for the proposed methodology. The effectiveness of the infrastructure for optimal information security needs the continuous diagnostic evaluation and tuning through the users or the organizations.

• Journal of Digital Convergence
• /
• v.5 no.1
• /
• pp.55-68
• /
• 2007

It soaks but 2001 July information communication base step law enforcement and the Enforcement Ordinance are published to follow, in order to support the establishment of evaluation and protective measure in order the vulnerability analysis against the facility of the agency which manages an important information communication base hour opinion to designate information protection specialty enterprise. As information protection specialty enterprise being revealed evacuation laboratory back 12 enterprises from information communication department become designation as the consulting enterprise and they do an enterprise activity actively. It follows in diffusion of the IT and information reconciliation level the other side where our country belongs in the world-wide first group, the research against the disfunction plan of preparation comparison the fact that law it is come negligently all actuality. The network as it will give management coat fatal effect even at obstacle occurrence hour of instant for of case and IT facility of the cyber transactions which leads, in the future there to be to corporate management, there is a possibility the stable civil official of information Facilities for communications very seeing in the portion which is important. Present condition and important propulsion contents of information communication base step law enforcement after, against a vulnerability analysis of information protection relation field and evaluation consulting methodological application situation to sleep it researches from the dissertation which it sees consequently and it does.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.464-472
• /
• 2017

In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manualsand marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiringan information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in anexternal environment. In this study, in order to solvethese problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found thatdue to the vulnerability of web systems operated in Korea and overseas, important information could be revealed,such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to theincreasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

• International Journal of Internet, Broadcasting and Communication
• /
• v.11 no.2
• /
• pp.59-66
• /
• 2019

The emergence of new IT technologies and convergence industries, such as artificial intelligence, bigdata and the Internet of Things, is another chance for South Korea, which has established itself as one of the world's top IT powerhouses. On the other hand, however, privacy concerns that may arise in the process of using such technologies raise the task of harmonizing the development of new industries and the protection of personal information at the same time. In response, the government clearly presented the criteria for deidentifiable measures of personal information and the scope of use of deidentifiable information needed to ensure that bigdata can be safely utilized within the framework of the current Personal Information Protection Act. It strives to promote corporate investment and industrial development by removing them and to ensure that the protection of the people's personal information and human rights is not neglected. This study discusses the strategy of deidentifying personal information protection based on the analysis of fake news. Using the strategies derived from this study, it is assumed that deidentification information that is appropriate for deidentification measures is not personal information and can therefore be used for analysis of big data. By doing so, deidentification information can be safely utilized and managed through administrative and technical safeguards to prevent re-identification, considering the possibility of re-identification due to technology development and data growth.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.4
• /
• pp.695-702
• /
• 2022

Smart railway system, which has been actively studied in recent years, is entering the intelligent stage beyond the automation stage based on ICT (Information & Communication Technology) such as communication technology and information technology. ICT technology used in smart railways is generally supported by various information protection technologies as it is vulnerable to information infringement. As a means of high-speed/mass transportation, it is essential to devise an information protection plan for ICT technology that forms the basis for smartening the railway system. Therefore, this paper presents the necessity of step-by-step information protection that measures for smart railway communication by examining potential risk factors of smart railway communication base and considering information protection factors that can respond to them.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.67-70
• /
• 2003

Since IT industries grew, The information security of both individual and company has come to the front. But, nowadays, It is very hard to satisfy the diversity of security Protection Profile with simple Intrusion Detection System, because of highly developed Intrusion Skills. The Intrusion Detection System is the system that detects, reports and copes with of every kind of Intrusion actions immediately. In this paper, we compare the concept of IDS PPs and analyze the threat of PP.

• Journal of Convergence for Information Technology
• /
• v.11 no.3
• /
• pp.20-33
• /
• 2021

This study is to suggest improvements of personal information protection in South Korea, according to requiring the safety of process and protection of personal information. Accordingly, based on data collection and analysis through literature research, this study derived the issues and suitable standards of personal information for major artificial intelligence services. In addition, this cases studies were reviewed, focusing on the legal compliance and porcessing compliance for personal information proection in major countries. And it suggested the improvement plan applied in South Korea. As the results, in legal compliance, it is required reorganization of related laws, responsibility and compliance to develop and provide AI, and operation of risk management for personal information protection laws in AI services. In terms of processing compliance, first, in pre-processing and refining, it is necessary to standardize data set reference models, control data set quality, and voluntarily label AI applications. Second, in development and utilization of algorithm, it is need to establish and apply a clear regulation of the algorithm. As such, South Korea should apply suitable improvement tasks for personal information protection of safe AI service.