• Title/Summary/Keyword: Privacy Invasion

Search Result 45, Processing Time 0.114 seconds

The Behavioral Attitude of Financial Firms' Employees on the Customer Information Security in Korea (금융회사의 고객정보보호에 대한 내부직원의 태도 연구)

  • Jung, Woo-Jin;Shin, Yu-Hyung;Lee, Sang-Yong Tom
    • Asia pacific journal of information systems
    • /
    • v.22 no.1
    • /
    • pp.53-77
    • /
    • 2012
  • Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

  • PDF

The Role of Mothers in Children's Privacy Protection on the Internet (인터넷에서의 아동의 프라이버시 보호와 어머니의 역할)

  • Kim, So-Ra
    • Journal of the Korean Home Economics Association
    • /
    • v.46 no.2
    • /
    • pp.59-71
    • /
    • 2008
  • The purpose of this study was to discuss the role of mothers in children's privacy protection on the Internet. Specifically, the study explored 1)children's privacy protection efforts on the Internet, 2)types of personal information children provided at Web sites, and 3)the effect of mothers' privacy protection efforts on their children's privacy protection levels. The Internet survey was conducted and total of 153 mothers and their children aged 12-13 were included for statistical analysis. The descriptive statistics and Ordinary Least Squares were used. The results yield that children showed relatively high levels in providing personal information on the Internet, while they have no sufficient competency at privacy protection. The effect of mothers' privacy protection efforts on children's privacy protection was partially supported. The longer hours of Internet use and frequent participation in online events increased the potential consequences of children's privacy invasion. Providing privacy standards for online service providers and marketers targeting children could help protect children's privacy. Moreover, education program targeting parents and children could contribute them reduce potential consequences of children's privacy invasion.

Analysis of the Information in the COVID-19 Emergency Alert : Focusing on Essential Information Factors and Privacy Invasion Information Factors (코로나19 안전안내문자 정보 속성 분석 : 필수 정보 요인과 프라이버시 침해 정보 요인을 중심으로)

  • Kim, Minjin;Kim, Miyea;Kim, Beomsoo
    • Knowledge Management Research
    • /
    • v.22 no.2
    • /
    • pp.227-246
    • /
    • 2021
  • In the context of the global pandemic caused by COVID-19, emergency alert text messages can violate the privacy of confirmed corona positive cases. This study used conjoint analysis to identify the essential information factors and the privacy invasion information factors of local government initiated safety notices. As a result of this study, we found eight essential information factors, including all routes of the confirmed case and ten privacy invasion factors of safety notices. In addition, we found that there is a similarity between the combinations of information perceived to be the most essential and perceived as the most significant privacy invasion; both combinations include the confirmed case's personal and route information. This study ultimately tried to suggest a way to lower the concern about privacy invasion of the confirmed cases without damaging the emergency alert text messages' essential information. We expect that this study will provide researchers and policymakers interested in disaster communication with valuable theoretical and practical implications.

Federated Learning Privacy Invasion Study in Batch Situation Using Gradient-Based Restoration Attack (그래디언트 기반 재복원공격을 활용한 배치상황에서의 연합학습 프라이버시 침해연구)

  • Jang, Jinhyeok;Ryu, Gwonsang;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.987-999
    • /
    • 2021
  • Recently, Federated learning has become an issue due to privacy invasion caused by data. Federated learning is safe from privacy violations because it does not need to be collected into a server and does not require learning data. As a result, studies on application methods for utilizing distributed devices and data are underway. However, Federated learning is no longer safe as research on the reconstruction attack to restore learning data from gradients transmitted in the Federated learning process progresses. This paper is to verify numerically and visually how well data reconstruction attacks work in various data situations. Considering that the attacker does not know how the data is constructed, divide the data with the class from when only one data exists to when multiple data are distributed within the class, and use MNIST data as an evaluation index that is MSE, LOSS, PSNR, and SSIM. The fact is that the more classes and data, the higher MSE, LOSS, and PSNR and SSIM are, the lower the reconstruction performance, but sufficient privacy invasion is possible with several reconstructed images.

Risk based policy at big data era: Case study of privacy invasion (빅 데이터 시대 위험기반의 정책 - 개인정보침해 사례를 중심으로 -)

  • Moon, Hyejung;Cho, Hyun Suk
    • Informatization Policy
    • /
    • v.19 no.4
    • /
    • pp.63-82
    • /
    • 2012
  • The world's best level of ICT(Information, Communication and Technology) infrastructure has experienced the world's worst level of ICT accident in Korea. The number of major accidents of privacy invasion has been three times larger than the total number of Internet user of Korea. The cause of the severe accident was due to big data environment. As a result, big data environment has become an important policy agenda. This paper has conducted analyzing the accident case of data spill to study policy issues for ICT security from a social science perspective focusing on risk. The results from case analysis are as follows. First, ICT risk can be categorized 'severe, strong, intensive and individual'from the level of both probability and impact. Second, strategy of risk management can be designated 'avoid, transfer, mitigate, accept' by understanding their own culture type of relative group such as 'hierarchy, egalitarianism, fatalism and individualism'. Third, personal data has contained characteristics of big data such like 'volume, velocity, variety' for each risk situation. Therefore, government needs to establish a standing organization responsible for ICT risk policy and management in a new big data era. And the policy for ICT risk management needs to balance in considering 'technology, norms, laws, and market'in big data era.

  • PDF

A Study on Privacy Invasion using Bluetooth Earphone (블루투스 이어폰을 통한 사생활 침해에 관한 연구)

  • Bang, MinJe;Kwak, MoSes;Cho, Taenam
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2018.10a
    • /
    • pp.240-241
    • /
    • 2018
  • 근거리 통신을 기반으로 한 기기들이 급증하며 사용자에게 편리함을 제공하고 있다. 그 중에서도, 블루투스 이어폰이 상용화되면서 사용자들이 점차 확대되고 있다. 본 논문에서는 사회 공학적 기법으로 페어링된 블루투스 이어폰을 통하여 개인의 사생활이 침해당할 수 있는 위험성에 대하여 분석하였다.

Effects and Causality of Measures for Personal Information: Empirical Studies on Firm and Individual Behaviors and their Implications (개인정보보호 대책의 효과 및 인과관계: 기업 및 개인의 개인정보보호 행동에 대한 실증분석 및 그 시사점)

  • Shin, Ilsoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.523-531
    • /
    • 2016
  • This paper studies the empirical relationship between various privacy protection measures and personal information invasion experience of firms and individuals using rich and heterogeneous survey data. By analyzing PSM models. we get the following results: first, the treatment group which have more technical measures and/or IS investment tends to experience more privacy invasion than the control group which have less of them. second, the reverse causality, that is firms and individuals with more experience of privacy invasion tends to take more measure for personal information protection, is found to exist. From these result, we discuss proper privacy policies implications in respects of attackers benefits and individual irrationality.

Secure and Efficient DB Security and Authentication Scheme for RFID System (RFID 시스템을 위한 안전하고 효율적인 DB 보안 및 인증기법)

  • Ahn, Rae-Soon;Yoon, Eun-Jun;Bu, Ki-Dong;Nam, In-Gil
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.36 no.4C
    • /
    • pp.197-206
    • /
    • 2011
  • In the RFID system, bulk tag information is stored into the back-end database as plaintext format not ciphertext. In this case, the tags's private informations can be easily compromised by an external hacker or an insider attacker. If the private informations of tags disclosed by the attackers, it can occur serious privacy invasion problem. Recently the database(DB) security is an important issue to prevent the above DB compromised attack. However, DB security for RFID systeme has not been considered yet. If we use the DB security technique into the RFID system, the above described privacy invasion' problem can be easily prevented. Based on this motivation, this paper proposes a secure and efficient back-end database security and authentication(S-DB) scheme with XOR-based encryption/decryption algorithm. In the proposed scheme, all tag's private information is encrypted and stored by using the DB secret key to protect the DB compromised attack. As a result, the proposed S-DB scheme 'can provide stronger security and more efficiency for the secure RFID system environment.

Medical Information Privacy Concerns in the Use of the EHR System: A Grounded Theory Approach (의료정보 프라이버시 염려에 대한 근거이론적 연구: 전자건강기록(EHR) 시스템을 중심으로)

  • Eom, Doyoung;Lee, Heejin;Zoo, Hanah
    • Journal of Digital Convergence
    • /
    • v.16 no.1
    • /
    • pp.217-229
    • /
    • 2018
  • Electronic Health Record (EHR) systems are widely adopted worldwide in hospitals for generating and exchanging records of patient information. Recent developments are moving towards implementing interoperable EHR systems that enable information to be shared seamlessly across healthcare organizations. In this context, this paper explores the factors that cause medical information privacy concerns, identifies how people react to privacy invasion and what their perceptions are towards the acceptance of the EHR system. Interviews were conducted to draw a grounded theory on medical information privacy concerns in the use of EHRs. Medical information privacy concerns are caused by perceived sensitivity of medical information and the weaknesses in security technologies. Trust in medical professionals, medical institutions and technologies plays an important role in determining people's reaction to privacy invasion and their perceptions on the use of EHRs.

Implementation of Tag Identification Process Model with Scalability for RFID Protecting Privacy on the Grid Environment (그리드환경에서 RFID 프라이버시 보호를 위한 확장성있는 태그판별처리 모델 구현)

  • Shin, Myeong Sook;Lee, Joon
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.2 no.1
    • /
    • pp.81-87
    • /
    • 2009
  • Recently RFID system has been adopted in various fields rapidly. However, we ought to solve the problem of privacy invasion that can be occurred by obtaining information of RFID Tag without any permission for popularization of RFID system To solve the problems, it is Ohkubo et al.'s Hash-Chain Scheme which is the safest method. However, this method has a problem that requesting lots of computing process because of increasing numbers of Tag. Therefore, in this paper we apply the previous method into the grid environment by analyzing Hash-Chain scheme in order to reduce processing time when Tags are identified. We'll implement the process by offering Tag Identification Process Model to divide SPs evenly by node.

  • PDF