Abstract

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occurring again. However, the IT system architecture reflecting the domestic financial environment is highly complicated and therefore difficult to grasp. It is obvious that, despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that defines and manages personally identifiable attribute data based on metadata, and that identifies personal information broadly and controls access through inter-table integration. This process is intended to decrease the likelihood of violating the compliance requirements outlined by the financial supervisory authority and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

Keywords: Personally Identifiable Information, Compliance, Information Security, Risk Management, Metadata
