Advanced SearchSearch Tips
A Decision-Making Model for Handling Personal Information Using Metadata
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
A Decision-Making Model for Handling Personal Information Using Metadata
Kim, Yang-Ho; Cho, In-Hyun; Lee, Kyung-Ho;
  PDF(new window)
After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.
Personally Identifiable Information;Compliance;Information Security;Risk Management;Metadata;
 Cited by
News1, "4 years 100 003 000 million personal data breaches,", Sep.12. 2015.

Wikipedia, "Personal definition,"

The total estimated damage due to leakage of the credit card company is 100 billion won, 4390924

Sang-Hyuk Cho, "Design and Implementation of a Metadata System for Financial Information Data Modeling," The Korea Society of Computer and Information, 17(1), pp. 81-85, Jan. 2012.

Doosan Encyclopedia, "metadata," =32840

Understanding of data modeling, =9&boardIdx=31&boardStep=1

Young Man Ko, Tae-Sul Seo, "A Study on Metadata Mapping for Semantic Interoperability," Journal of the Korean Society for Information Management, 24(4), pp. 223-238, 2007. crossref(new window)

Mapping ISO 27001 Controls to PCI-DSS V1.2 Requirements, ISO 27001 Implementer's Forum, 2009

Basel II : Revised international capital framework publ/bcbsca.htm

The First and Oldest Internet Resource Fully Dedicated to The SAS70 Auditing Standard,

Knowledge Encyclopedia Glossary, "personally identifiable information," http://terms.

So-yi Kim, "Electronic Financial Accidents types and Responsibility Activity," KFTC, payment and information technology, pp.34-62. 2009.

Su-Mi Lee, Jaemo Seung, "Electronic Financial Accidents types and Security Threat Classification," Journal of The Korea Institute of Information Security & Cryptology, 21(7), pp. 53-61, Nov. 2011.

Sangjin Lee, "A Study on financial transactions, security enhanced means using the Internet," Journal of The Korea Institute of Information Security & Cryptology, 15(4), pp. 38-42, Aug. 2005.

Seong-In Jo, Tae-hyeong Park, Jong-in Im, "Research about the Financial Institution's Preparations for Electronic Financial Accidents under New e-Financial Transaction Act," Korea Information Assurance Society, 8(4), pp. 9-19, Dec. 2008.

Wan-jib Kim, "Integrated management and compliance across heterogeneous IT Compliance Logs," Journal of The Korea Institute of Information Security & Cryptology, 20(5), pp. 65-73, Oct. 2010.

Tae-Hee Kim, Young-Tae kim, jae-Mo Sung, "A Study on Financial IT Security Compliance Framework," Korea Information Processing Society, 18(1), pp. 893-896, May. 2011.

Byeong-soo Lee, Ji-sang Hwang, Dong-uk Hwang, Bong-cheol Choe, Yong-jin Hong, "IT compliance in accordance with the financial plan complies with privacy and personal information protection law enforcement Utilization Research," Journal of The Korea Institute of Information Security & Cryptology, 23(1), pp.35-43, 2013.

Il-han Yoon, "A Study on the Effect of Information Security Compliance and Crisis Management on Information Security Trust," Information Systems Review, 17(1), pp.141-169, Apr. 2015.

Yeong-jin Choi, Jeong-hwan Kim, "A Study on Data Security Control Model of the Test System in Financial Institutions," Journal of The Korea Institute of Information Security & Cryptology, 24(6), pp. 1293-1308 , Dec. 2014. crossref(new window)

Seong-Cheol Cho, Cho-Yee Nam, "A Study on Application Structure for IT Operational Risk in Financial Institute," Journal of The Korea Institute of Information Security & Cryptology, 23(6), pp. 705-719, Dec. 2013.

Missier, Paolo, Pinar Alper, Oscar Corcho, Ian Dunlop, and Carole Goble, "Requirements and Services for Metadata Management," IEEE Internet Computing Vol. 11, no. 5, pp. 17-25, 2007 crossref(new window)

O'Neill, Kevin, Ray Cramer, Marta Gutierrez, K. Kleese van Dam, Siva Kondapalli, Susan Latham, Bryan Lawrence, Roy Lowry, and Andrew Woolf, "The Metadata Model of the NERC Data Grid," In Proceedings of the UK e-Science All Hands Meeting, Cox, SJ (Ed.) ISBN, pp. 1-904425, 2003.

Fu-cheng Xie, Bei-zhan Wang, Li-yan Chen, Liang Shi, Qing-shan Jiang, "Research & Application of Metadata Management System Based on Data Warehouse for Banks," Proceedings of 2008 3rd International Conference on Intelligent System and Knowledge Engineering, Vol. 1, no. 45, pp. 384-388, 2008.