Cyber Security and Data Protection

Cyber Security and Data Protection - Description

Challenges in Korea. Jinhyun. CHO. Senior Researcher. Korea Internet and Security Agency. Short Intro. . To KISA. Security Incident Prevention and Response. . : 24/7 Situation Room to Respond Security Incidents. ID: 487962 Download Presentation

118K - views

Cyber Security and Data Protection

Challenges in Korea. Jinhyun. CHO. Senior Researcher. Korea Internet and Security Agency. Short Intro. . To KISA. Security Incident Prevention and Response. . : 24/7 Situation Room to Respond Security Incidents.

Similar presentations

Download Presentation

Cyber Security and Data Protection

Download Presentation - The PPT/PDF document "Cyber Security and Data Protection" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentation on theme: "Cyber Security and Data Protection"— Presentation transcript:


Cyber Security and Data Protection Challenges in Korea



Senior Researcher

Korea Internet and Security Agency


Short Intro. To KISA

Security Incident Prevention and Response

: 24/7 Situation Room to Respond Security Incidents : Incident Handling including Mobile/e-mail SPAM Privacy Protection : PI Breach Reporting and Consultation : Removal of PI exposed on Websites

Information Security

Internet Promotion

Creating a Healthy Internet Culture

: Customized Internet Ethics Education Promoting Internet Business : Finding and Supporting New Quality Ventures Managing Internet Address Resources : Managing .kr domains(.kr registry)

Supporting Foreign Expansion of

ICT Businesses : Export Counselling, SME ConsultingCooperation with International Organizations : OECD, World Bank : Cyberspace Conference(2013), ITU PP(2014)

Int’l Cooperation

Policy Research and Survey Analysis

: Internet Issue Research and National ICT Statistics Supporting Improvement of ICT Legal Frameworks : Supporting the Enactment of New Act like Cloud Act : Analyzing and Researching Emerging Legal Issues

Policy Research


Cyber Terror on Broadcasting Stations and Banks

Coordinated Attack with H-Hour : 14:00(GMT+9) Service Disruption : 3 BS and 2 Banks Affected More than 40,000 computers Destroyed (HDD Erased) Clients, Servers, and even ATMs Infected with Malware Malware Distribution Path : Vaccine Update Server Improper Security Management : Serious Security Holes

March 20 Cyber Terror

I. Major Security Incidents in 2013


March 20 Cyber Terror

I. Major Security Incidents in 2013


Multiple Cyber Attacks : 69 Organizations Affected

Web Defacement : Blue House and 43 Private Web DDoS on Integrated Government Infrastructure Destruction of Computers in Mass Media Companies Coordinated and Sophisticated Attack Attack Scale & Methods ( Web Hard Client Program ) Attribution : Who is Behind the Attack?

June 25 Cyber Attack

I. Major Security Incidents in 2013


II. Major PI Breaches in 2014

More than 100 Mil. Card holders’ PI Leaked

K CCV : 53 Mil., L CCV : 26 Mil., N CCV : 25 Mil. Including RRN, Address, Financial Status, and etc. Internal Employee of Credit Rating Company Involved Counterfeit Prevention System Development Program PI Leaked with USB Thumb Drive (No Policy or Encryption) Leaked to Loan Advertisers and Loan Brokers Serious Financial and Legal Threats to Credit Card Vendors?

From Credit Card Vendors


12Mil PI Leaked through Homepage Hacking

Brutal Force Attack with Billing Information Sophisticated Hacking Vs. Trial and Error (?) Security Policy for Multiple Attempts from One IP(?) Leaked PI used to Advertise and Sell Mobile Phones Customized Information for Those Who Need a New Phone 3 or 4 Phones Sold to Over 150 Phones Sold After Breach Similar Incident Occurred 2 years ago

From Mobile Service Provider

II. Major PI Breaches in 2014


III. Response from Government

Nat’l Cybersecurity Comprehensive Countermeasures

BH takes the Lead in Major Cybersecurity Incidents

NIS : Working-level Coordinator

MND for Military Sector and MSIP for Private Sector

PCRC Strategy

P(Prompt) : Concurrent Situation Notification Framework

C(Cooperative) :


Information Sharing System

R(Robust) : CII Designation Increased (Around 400 in 2017)

C(Creative) : Supporting 10 Key Security Technology


III. Response from Government

Financial PI Breach Prevention Countermeasures

Protection of Financial Consumer Right

Minimum PI Collection and Self Determination

Clear and Strong Responsibility

Annual Reporting on IS & Penalty ( Up to 3% of Sale)

Strong Response to Security Incidents

Network Separation and RRN Encryption

Prevention of Potential Breaches

Destruction of Collected PI


IV. Key R&D Area for Information Security


(MSIP) R&D Plan for Information Security until 2017


Establish Secure & Trustworthy Creative Society Safety Network


Global Market Share : 2.4%(2012) to 3.0%(2017)



Class Tech. : 79.9(2013) to 90%(2017)

Competitiveness : Supporting 10 best IS Products

R&D Focus in 2014 : Incident Response & Wireless IDS


V. Research Cooperation Model

Cybersecurity Research Center

University and KISA Cooperation

Joint Project to Educate and Train Cybersecurity Experts

KISA : Provide the state-of-art information and technology


: Vulnerability and Malware


Providing Working Experiences in the Real




to Be


Open to Graduate School of Information Security


Thank You