• Journal of the Korea Convergence Society
• /
• v.9 no.3
• /
• pp.231-240
• /
• 2018

Recently, personal information processing are becoming more important in the behavioral advertising based on online and mobile platform. The behavioral advertising analyzes and utilizes individual's search & purchase history, hobbies, and tendency based on the personal behavior information collected using the automatic collection device. Therefore, it collects and stores other types of personal information which did't defined in Privacy Act and can analyze personal behavior. This characteristics may cause disclosure of personal information and exposure to intrusion. In this paper, we investigate and analyze the privacy policy of the advertising agencies, and discussded the measures to be taken in collecting, storing and using personal information suitable for behavior information.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.537-552
• /
• 2024

Domestic nuclear power plants operate under the establishment of the "Information System Security Regulations" in accordance with the Nuclear Safety Act, introducing and implementing a cybersecurity system that encompasses organizational structure as well as technical, operational, and managerial security measures for assets. Despite attempts such as phased approaches and alternative measures for physical protection systems, the reduction in managed items has not been achieved, leading to an increased burden on security capabilities due to limited manpower at the site. In the main text, an analysis is conducted on Type A1 assets performing nuclear safety functions using Maintenance Rules (MR) and EPRI Technical Assessment Methodology (TAM) from both a maintenance perspective and considering device characteristics. Through this analysis, approaches to re-evaluate the impact of cyber intrusions on asset functionality are proposed.

• Review of KIISC
• /
• v.29 no.3
• /
• pp.51-65
• /
• 2019

미국의 사이버보안 관련 법률은 1987년 컴퓨터보안법이 제정되는 시점이 본격적인 시작이라고 할 수 있다. 1990년대에는 컴퓨터 및 인터넷의 발전으로 정보보안의 중요성이 대두되었으며 법률은 데이터 보호 및 프라이버시 중심으로 제정되었다. 2002년 국토안보부 설립을 위한 국토안보법의 제정을 통해 본격적인 국가 사이버보안 정책을 시작할 수 있는 토대를 마련하였다. 전자정부법(2002) 부속법률인 연방정보보안관리법(FISMA 2002)은 연방기관들의 사이버보안 관련 임무를 구체화하여 국가차원의 사이버위협 대응을 체계적으로 할 수 있었다. 2014년 연방정보현대화법(FISMA 2014)으로 개정되어 지난 10여년간의 시행착오를 바로잡는 노력을 진행하고 있다. 2015년 사이버보안법(Cybersecurity Act 2015), 2018년 사이버보안 및 기반구조보안기관법(CISA 2018)을 제정하여 국가 사이버보안 체계를 획기적으로 발전한 미국의 사이버보안 법률의 추진 현황을 살펴봄으로써 우리나라의 법체계의 발전방향에 대해 고찰해 보도록 한다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2022.10a
• /
• pp.423-424
• /
• 2022

본 연구에서는 미국의 국가핵심기반보호제도의 변화에 대해 고찰하고 시사점을 도출한다. 이를 위해 9/11 테러 공격 이후 국가핵심기반보호계획(National Infrastructure Protection Plan)을 중심으로 관련 법률 및 제도와 조직변화를 추적하고 고찰하였고, 이들의 관계를 도식화하여 타임라인(timeline)분석을 실시하였다. 본 연구를 통해 국토안보대통령령-8호(HSPD-8), 대통령령-21호(PDD-21), 사이버보안과 핵심기반법(Cybersecurity & Infrastructure Act)등의 관련 법제 변화를 통해 총 3가지 버전의 NIPP이 있음을 확인할 수 있었으며, 2018년에 사이버보안과 주요인프라청(CISA)이 창설되어 국가핵심기반보호제도업무를 이곳으로 이관하여 운영되고 있음을 알 수 있었다. 또한 국가핵심기반을 보는 관점이 9/11 테러 공격 이후 주요 핵심기반 보호(Protection)에서 주요핵심기반의 복원력(Resilience)제고로 변화하고 있음을 도출하였다.

• Informatization Policy
• /
• v.28 no.2
• /
• pp.98-113
• /
• 2021

This study presents implications of the Global Data Law & Policy by comparing national data strategies, data regulations and policies, and governance in South Korea, the United States, the United Kingdom, and the European Union. According to the result of the comparative analysis, the biggest difference is in data governance, in other words, the management and coordination of policies at the pan-government level and data ethics. Therefore, this study proposes the establishment of a presidential special committee on data policy or the creation of a 'National Digital Innovation Office' at the Presidential Secretariat as a national CDO for the governance of data policies. Furthermore, this paper suggests a) to enact 'the Framework Act on the Development of Data Industry' that can regulate data practices in the private sector, b) to institutionalize the data-centric security and data protection, c) to settle the public ethics and personnel management based on data expertise and professional ethics, including explainability and responsibility, and d) the education and training systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.801-811
• /
• 2023

With the cyber incidents increasing every year, opinions are being raised that legal system relating to incident reporting needs to be revised to improve the cyber incident reporting rate, etc. Accordingly, this paper suggests a legal improvement to enhance the effectiveness of cyber incident reporting. First, by analyzing domestic media coverage, this paper defines the problems which need to be improved regarding an incident reporting system as "unreported" and "not timely reporting". Then, this paper finds four requirements for legal improvement like "a reporting entity", "a starting point of reporting", "a reporting deadline" and "a protection of reporting information" by analyzing the relationship between reporting relating problems and issues published by overseas institutions and additionally by analyzing the need to revise the law. Finally, through an analysis of legislative cases, this paper suggests a legal improvement for the requirements.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.9-17
• /
• 2023

Due to COVID-19, the concept of Zero Trust, a safe security in a non-face-to-face environment due to telecomm uting, is drawing attention. U.S. President Biden emphasized the introduction of Zero Trust in an executive order to improve national cybersecurity in May 2021, and Zero Trust is a global trend. However, the most difficulty in introd ucing new technologies such as Zero Trust in Korea is excessive regulation of cloud and network separation, which is based on the boundary security model, but is limited to not reflecting all new information protection controls due to non-face-to-face environments. In particular, in order for the government's policy to ease network separation to b ecome an effective policy, the zero trust name culture is essential. Therefore, this paper aims to study legal improve ments that reflect the concept of zero trust under the Electronic Financial Transactions Act.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.6
• /
• pp.1137-1142
• /
• 2017

Cyber hacking attacks and cyber terrorism are damaging to the lives of the people, and in the end, national security is threatened. Cyber-hacking attacks leaked nuclear power cooling system design drawings, cyber accidents such as hacking of Cheongwadae's homepage and hacking of KBS stations occurred. The Act on Information and Communication Infrastructure Protection, Promotion of Information and Communication Network Utilization and Information Protection, and the Personal Information Protection Act remove the responsibility for cyber attacks, but it is difficult to prevent attacks by hackers armed with new technologies. This paper studies the development of cyber security experts for cyber security. Build a Knowledge Data Base for cyber security professionals. Web hacking, System hacking, and Network hacking technologies and evaluation. Through researches on the operation and acquisition of cyber security expert certification, we hope to help nurture cyber security experts for national cyber security.

• Archives of Plastic Surgery
• /
• v.50 no.4
• /
• pp.443-444
• /
• 2023

Point-of-care photography and photo sharing optimize patient outcomes and facilitate remote consultation imperative for resident surgeons. This literature review and external pilot survey study highlight the risks associated with current practices concerning patient privacy and biometric security. In a survey of 30 plastic surgeon residents and attendings, we found that the majority took photos of patients with their iPhones and shared them with colleagues via Apple iMessage. These findings corroborate previous reports and highlight a lack of physician user acceptance of secure photo-sharing platforms. Finally, we frame a successful example from the literature in the context of a postulated framework for institutional change. Prioritizing the privacy and safety of patients requires a strategic approach that preserves the ease and frequency of use of current practices.