• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.5
• /
• pp.2415-2421
• /
• 2013

Widespread personal data utilization has led personal data protection to its importance at core, and serious data spill has increased constantly as a result. Though various types of protection systems for data spill have been suggested, all these met failures in detection of personal data when printed out or preventing fatal data exposure without any protections when data spill happens. I propose API-Hook method which detects and controls personal data within printouts, and prevents data leakage through masking on the printed-out data. Also, it is verified if security is guaranteed on the documents containing personal data when implementing. In order to obtain security, it is essential to put more weights on the balance with availability than confidentiality.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.5
• /
• pp.73-83
• /
• 2005

Recently, Internet utilization ratio of elementary school students is urgently increasing. On the other hand, elementary school students are not doing personal information management properly in the Internet. As a result, it is causing problem of information leakage. In this paper, we proposed a instructional learning method to teach importance of personal information management to an elementary school student. Proposed method is based on role-play instructional learning method. And applied to the third-year class in elementary school. We show that proposed method is effect in education than traditional teaching method about personal information management's importance.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.193-201
• /
• 2017

Financial firms strengthen to protect personal information from the leakage, introducing various security solutions such as print output security, internet network Isolation system, isolationg strorage of customer information, encrypting personal information, personal information detecting system, data loss prevention, personal information monitoring system, and so on. Financial companies are also entering the era of cutthroat competition due to accept of the new channels and the paradigm shift of financial instruments. Accordingly, The needs for security for customer information held by financial firms are keep growing. The large security accidents from the three card companies on January 2014 were happened, the case in which one of the outsourcing personnel seized customer personal information from the system of the thress card companies and sold them illegally to a loan publisher and lender. Three years after the large security accidents had been passed, nevertheless the security threat of the IT outsourcing workforce still exists. The governments including the regulatory agency realted to the financail firms are conducting a review efforts to prevent the leakage of personal information as well as strengthening the extent of the sanction. Through the analysis on the application of security policy for outsourcing personnel in case of large-scale Financial IT projects and the case study of appropriate security policies for security compliance, the theis is proposing a solution for both successfully completing large-scale financial IT Project and so far as possible minizing the risk from the security accidents by the outsouring personnel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1103-1113
• /
• 2020

Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.1-10
• /
• 2014

In February 2014 Korean Bar Association has amended Professional Ethics Code as to stipulate attorney's duty to protect personal information. While existing Korean law and Professional Ethics Code has made attorney to keep client's confidential information, attorney's newly promulgated obligation has its meaning in that personal information of subject other than client is not protected through confidentiality rules, given that confidentiality obligation is interpreted to protect only client's information relating to representation. Moreover, duty to protect personal information deals with not only disclosure and use of information, which confidentiality rules is about, but also collection and retention process, access to and correction and care of information and even destruction of information. Amid unprecedented theft of personal data in several national banks and other serious leakage reported recently, this paper is going to contemplate the scope and application of the duty to protect personal information with hope to contribute to starting discussion on it.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.9
• /
• pp.2044-2055
• /
• 2015

Financial information systems play such a pivotal role in the financial institution services that are provided for a large customers on the basis of various information including the personal information. As for the personal information collected during the transactions in the financial information systems, huge efforts and investment have been made to protect previously them from being inappropriately misused or illegally used if they could be released. Unfortunately, the frequent accidents on the leakage of sensitive personal information have occurred recently not only by external service users but even by internal system users. Therefore, the aim of this study is to suggest a model of advanced two-channel authentication for internal users in order to increase the stability of financial information systems with enhanced security.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.27-34
• /
• 2017

In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

• Journal of Korean Society for Quality Management
• /
• v.45 no.3
• /
• pp.583-594
• /
• 2017

Purpose: The purpose of this study is how personal information protection risks affect the intention to use domestic smart banking services. VAM(Value based Adoption Model) model is validated as a theoretical background, selecting ease of use, usefulness and perceived security as a benefit factor, and considers perceived cost, technical complexity, and risk of personal information leakage as a sacrifice factor. Methods: The method of this study used questionnaire survey to collect 365 data on suer's perception on smart banking services, and also performed a structural equation modeling method using by AMOS 23. Results: The result of this paper shows that all hypothesis are accepted statistically significant except 1 hypothesis. Conclusion: This research is concluded that perceived value is affected on statistically positive impact on ease of use, usefulness and perceived security, and negative impact on perceived cost and risk of personal information violation, not statistically technical complexity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.7
• /
• pp.3699-3719
• /
• 2017

Conjunctive keyword search encryption is an important technique for protecting sensitive personal health records that are outsourced to cloud servers. It has been extensively employed for cloud storage, which is a convenient storage option that saves bandwidth and economizes computing resources. However, the process of searching outsourced data may facilitate the leakage of sensitive personal information. Thus, an efficient data search approach with high security is critical. The multi-user search function is critical for personal health records (PHRs). To solve these problems, this paper proposes a novel multi-user conjunctive keyword search scheme (mNCKS) without a secure channel against keyword guessing attacks for personal health records, which is referred to as a secure channel-free mNCKS (SCF-mNCKS). The security of this scheme is demonstrated using the Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions in the standard model. Comparisons are performed to demonstrate the security advantages of the SCF-mNCKS scheme and show that it has more functions than other schemes in the case of analogous efficiency.