• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1293-1308
• /
• 2014

The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.27
• /
• pp.129-161
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• Journal of Digital Contents Society
• /
• v.11 no.1
• /
• pp.105-115
• /
• 2010

Search engines provide web documents that are related to user's query. However, using only the query terms that user provided, it is hard for search engines to know user's exact intention and provide the very matching web documents. To remedy this problem, search systems are needed to exploit personalized search technologies. In this paper, we propose not only a novel personalized query recommendation scheme based on folksonomy but also a new personalized search service architecture which reduces the risk of privacy violation while enabling search service providers to provide other various personalized services such as personalized advertisement.

• Journal of Satellite, Information and Communications
• /
• v.12 no.2
• /
• pp.99-103
• /
• 2017

Recently, acccording to price decline and miniaturization of drone, it is increased dramatically that drone usage in various category including military and private sectors. In accordance with popular usage, There is a increasing risk of safety accident, national security and public privacy problem. Hence there is a high demand for study and analysis applicable to the related technology and anti-drone method including drone detection and jamming. In general, it is extremely difficult to detect and recognize drones using conventional sensors. In this paper, we classify drone detection technology and Drone detection experiments are performed using CW RADAR to obtain and analyze micro-doppler pattern. This preliminary study aims to provide fundamental theory on radar drone detection and experimental test results such that in-depth anti-drone technology can be established in future.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.131-146
• /
• 2022

The Internet is becoming a basic need for many individuals globally in this digital age. The youths became more active online than before, with the majority relying on different platforms to communicate and interact with peers. Saudi Arabia is one of the nations where internet usage is high, with an increasing number of active internet users. The youth in Saudi Arabia are engaged in various online platforms. However, they lack adequate knowledge about cybersecurity and the dangers of internet usage, which exposes them to the risk of falling victims to cybercriminals. The most common dangers of internet usage include viruses, malware, phishing, and hacking, compromising users' sensitive information. Increased awareness of these potential threats helps protect Internet users and secure their data. The understanding of the dangers of Internet usage among youths varies across countries. In this regard, our study explores the risks of internet usage among youth in Saudi Arabia compared to the United States, South Africa, and New Zealand.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.33-38
• /
• 2019

In this paper, we propose a new blockchain technology that could comply with GDPR. The proposed model can prevent illegal access by controlling access to the personal information according to a access policy. For example, it can control access to the information on a role-basis and information validation period. The core mechanism of the proposed model is to encrypt the personal information with public key which is associated with users attributes policy, and then decrypt it with a private key and users attributes based on a Attribute-based Encryption scheme. It can reduce a trusted third-part risk by replacing it with a number of nodes selected from the blockchain. And also the private key is generated in the form of one-time token to improve key management efficiency. We proved the feasibility by simulating the proposed model using the chaincode of the Hyperledger Fabric and evaluate the security.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.183-191
• /
• 2014

SNS uses the Internet as its base. It is created in order to achieve communication between the users. Up until now, most previous research were focused on the users of SNS. But, there are still a great deal of people who do not use or discontinuously use SNS. This is because users have natural resistance against SNS when using the service. In this study, time shortage perception, awareness of SNS, self-efficacy, suitability, information quality of SNS, subjective norm and privacy concern are considered as influence factors by previous research. An empirical study for Chinese students and internet users was conducted to identify how these factors influence perceived risk and perceived usefulness, and how this influence to user's resistance. This study can explain the reason why users don't use SNS and resist SNS use.