• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.2
• /
• pp.15-20
• /
• 2023

Recently, digitalization is accelerating in all industries, and the use of information and personal information produced and used in the process of it is very important for the success or failure of a company. However, malicious attempts to steal or leak major information and personal information of a company as an adverse effect continue to increase, and appropriate defense and response are absolutely necessary. However, in the case of small and medium-sized enterprises, the priority of information protection and the possession of professional manpower are very insufficient compared to large enterprises. This paper studies the certification and audit implemented in Korea, and suggests ways to expand the certification of the information protection system suitable for SMEs and improve the effectiveness of the support system through the expansion of the privacy law notification standard and operation of support system.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.117-128
• /
• 2012

Recently IT infrastructure plays a central role in the base of the society. However, use of personal registration number on internet sites has become a major factor increasing danger of leaking of personal information. Currently, the government is recommending various information protection services in order to prevent the collection of personal registration numbers and leaking of personal information on the internet. Among them, i-PIN service is the one recommended for minimal use of personal registration numbers on the internet. Although i-PIN can be used as a way to substitute personal registration numbers on the internet, there are certain limitations in using i-PIN as the only key to recognize individuals. This study proposes organization of web system in which self certification can be conducted using i-PIN as a tool for personal certification. Also its usability and stability have been verified through performance test when i-PIN service is linked with web service and used as personal certificate. But i-PIN service is unavailable if obstacles occur in providers of i-PIN self certification. To settle this inconvenience, the study also proposes how to cope with such obstacles.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Journal of the Korea Safety Management & Science
• /
• v.16 no.3
• /
• pp.433-441
• /
• 2014

Increasing the outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type was also analyzed and derived new controled items. As a result of the proposed research, new controled items for fiduciary could be used as a standard for the managing Director.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.38-58
• /
• 2016

The ever-evolving Internet environment along with changes in the mass media has been creating a new way of communicating in the virtual cyber world. The Internet users have more services at their disposal to communicate with ease. Such a new way of communication styles, however, makes them vulnerable to personal information leakage, increasing the concerns of cyber security. A thorny issue is how we can control the disclosure of personal information. Lately, the Korean government implemented privacy policies to resolve and prevent personal information leakage incidents that incur social problems. Here, we seek to identify problems in the privacy policies for better solutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.911-918
• /
• 2014

Over the past few years, security breaches have been consistently reported around the world. Especially, people's personal information are at risk of being breached as the firms gather and utilize the information for their marketing purposes. As an effort to revamp their data infrastructures, companies have rebuilt their system that almost every data, including the personal information, are stored within the digital database. However, this migration provides easier access to the database but it has also increased the system vulnerability. As the data can be easily exposed to the unauthorized personnel both intentionally and unintentionally, it is necessary for companies to establish a set of security protocol and operate the personal information protection system. There are two major certified security system in South Korea; PIMS from KISA and PIPL from NIA. This paper analyzes the preferences of SMEs and small business using conjoint attributes of PIMS and PIPL. The study shows that the business owners take post certification rewards as the most important factor. It also shows that the attributes that have the highest utility rates are the following; 1) KISA certification, 2) 79 points of protection counter measurements, 3) 28 items of life cycle, 3) 50 percent discount on certification fee, and 4) Reduced amount of fine for personal information leakage incident.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.