A Decision-Making Model for Handling Personal Information Using Metadata

2016 
ABSTRACT After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more seri ous than external intrusions, financial companies in Korea have bee n taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financi al environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and techni cal controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defi nes and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial su pervisory authority, and to reinforce internal controls. We der ive and verify a decision-making model that reflects the proposed p rocess.Keywords: Personally Identifiable Information, Compliance, Information S ecurity, Risk Management, Metadata
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    7
    References
    0
    Citations
    NaN
    KQI
    []