인공지능 서비스 시 개인정보 처리 위협 대응방안 연구

조항현 동국대학교 국제정보보호대학원 2024 국내석사

A Study on Countermeasures Against Personal Information Processing Threats in Artificial Intelligence Services In this paper, I studied ways to respond to threats to personal information processing in artificial intelligence services. Issues threatening personal information were identified during the artificial intelligence service process. A Study results are as follows. In this paper, personal information processing considerations at each service stage were considered to respond to personal information processing threats identified during artificial intelligence services. A legal basis must be established when processing learning data, artificial intelligence learning, and providing artificial intelligence services, and data flows must be identified and responded to so that the rights of information subjects are guaranteed in an automated information collection environment. To this end, from a management perspective, I proposed establishing a PbD-based internal system and a regular inspection process, and from a technical perspective, I proposed improving evaluation indicators for pseudonym processing solutions. Through the above study, it will be possible to minimize problems related to personal information processing in artificial intelligence services and carry out activities to strengthen the personal information protection management system. Even at this moment, artificial intelligence continues to develop, and countermeasures against threats to personal information processing must continue to be studied.

IC카드를 통한 금융거래시 개인정보보호 강화방안에 대한 연구 : 금융IC현금카드에 대한 내용을 중심으로

함수정 동국대학교 국제정보대학원 2010 국내석사

As the formation a global network using the internet, information collecting, analyzing, and processing is getting easier than ever before. However, the important personal information stolen or destroyed by others have raised the issue. Therefore, financial transaction service providers have to ensure the safety of the personal information handling. For this reason, this paper studies on encryption processing of entered personal information through the device that is embedded the financial IC card reader in financial transactions. Also, this paper suggests the implementation method of E2E (End-to-End) security environment based on user authentication and key management strengthening.

전력분야 정보시스템의 보안실태 및 최적의 정보보호정책 수립에 관한 연구

문덕력 東國大學校 國際情報大學院 2004 국내석사

A business unit of domestic electric power field companies is classifying in three kinds to electric power production, distribution, sales field greatly, and it manages one with planning of an information system by each field. Competitive market environment in Korean Power market was begun with the establishment of corporation which is independent by business field according to an electric power field carries out a business with single structure to sales in production in Korean electric power co. exclusively by 2000, and electric power industrial structure reorganization law becoming the passage in 2001. Therefore, establishment of six power generation companies was 1st phase of electric power market competition system and was proceeding with privatization with a power generation section of electric power production by stages. However, the newly developed information network system for those privatizes companies are very different from the other information system for the other ordinary companies, and until now there was few studies carried out to find out better policy and strategy six power generation companies. This study considers a side effect of information society of electric power field companies and a direction about information security policy and checks information aspect, and it is looking for a construction strategy and information security policy of a next generation information system. A configuration Chapter 1 of this paper watches an background of study and object and a study way and a range Chapter 2 and considers information security policy and side effect of information society. Chapter 3 tries to analyze the results through survey information system and information security cases. A Chapter 4 checks electric power field industrial environmental analysis and the present situation of an information system of a generation company. A Chapter 5 presents a next generation information system construction strategy and most suitable information protective policy for a development company. The Chapter 6 presented the study results and a future plan. As for the information technology principle (IT Principles) for information system framework(architecture) configuration, a principle must be with each component part by application, data, technology, IT management, etc. At present systematic IT technology of structurization and vision were not enough for and must structure these component part with framework(architecture). It is desirable forwarding course of future power company information system model to apply the information system construction guideline that established in the government in April of 2004 and a basic principle must define by each company and must develop an information system on the base of it. Therefore, a long term strategy model is the information integrated infrastructure construction. To do that, it is important that information Road Map configuration and establishment of Web service portal, construction of ERP system to correspond to global business environment in e-Biz system, establishment of mobile business environment support for Ubiquitous computing structure, and total information security system(ESM) should be considered. To establish optimize information security policy, information security architecture was required. Since information security require a systematic approach and problem solving to minimize damage, it should not work according to a case by case approach but the principle and set up direction which was established by a information architecture. A security strategy must support development related main business with establishing information communication infrastructure. To do that, the company must reinforce the existing security organization (security administrator, a security team) or establish a new security organization. Information security policy must be established in a direction to achieve a strategy effectively, and C.I.A(C: Confidentiality, I: Integrity, A: availability) principle must be follow to clarify importance of information system assets. After setting up the valuation of each and every information through C.I.A. principle, the company must use its own security personal or professional computer security consulting organization to executes Risk evaluation to be periodic on information assets (vulnerability-Risk-Threat analysis) to establish optimum procedures for information protective policy and standard. According to the principle as above, the most suitable information system and information security policy to be suitable for a power generation company can be devised.

개인 프라이버시 보호 관점의 DB 암호화 도입 방법론

김태균 동국대학교 국제정보대학원 2010 국내석사

Protection of personal information leakage is an emerging issue and rapidly applied to various industries due to its high-risky characteristic and benefit of business marketing. Although IT provides valuable benefits, it might also cause serious privacy problems. Previous studies show that privacy issues should be considered in developing IT system, but they just provide basic concept and architecture about privacy issues. It needs approach of research with technology study. Industry needs alos more structured framework and detailed systematic process to incorporate privacy issues into the IT system. The purpose of this paper is to develop a framework and detailed process design of privacy protection issues in retail industries. A framework is developed based on individual sensitivity concept, It is expected that the proposed framework and process design would provide more systematic guide lines to solving privacy problems.

韓-美 駐屯軍 地位協定(SOFA) 改定協商에 관한 연구

양진호 동국대학교 국제정보대학원 2001 국내석사

This paper is analysis of negotiation strategy of the ROK-US SOFA reform between Korean government and US government to provide Korean government's strategy for later coming negotiation of the ROK-US SOFA reform in the future. In this paper, I placed focus on the analysis and evaluation of procedure and result of negotiation of the ROK-US SOFA reform. American forces in Korea have come to station in Korea because Korean government and United States of America shared common national security strategic interest. To legalize and award status they concluded on ROK-US SOFA. When they concluded for the first time, Korean government and US government concluded on an unfair agreement because US recognized itself as the protection of Korea from the communist force. But due to Korea's rising status and Korea is ceaselessly require reform of ROK-US SOFA their relationship progressed gradually equal than initial conclusion. Accordingly, this study made the subject of study as follows. First, I try to compare and analyse with foreign SOFA to find out overall problems of the ROK-US SOFA's contents and structure and then to examine negotiation agenda for Korean government level in the future. Second, I examined ROK-US SOFA's conclusion and characteristic reform negotiation this while and analyse negotiation of the ROK-US SOFA reform's structure, variables, decision factors of structure and organization factors of negotiation power. Third, I examined Korean and US government's negotiation strategy during negotiation of the ROK-US SOFA reform procedure and grope for Korean government's negotiation strategy when they will promote negotiation of the ROK-US SOFA reform again in the future. This paper consist of six chapters to investigate the problems. Chapter 2 refers to theoretical investigation of international government business negotiation, section 1 refers to general theory of international negotiation, section 2 refers to concept of international negotiation strategy and necessary condition of international negotiation structure, section 3 refers to general theory and negotiation method of international government business negotiation. Chapter 3 is to examine ROK-US SOFA conclusion and historical changes, section 1 refers to concept of SOFA, from section 2 to section 5, it refer to ROK-US SOFA conclusion and transition course each period. Chapter 4 is to examine structure and principal contents of ROK-US SOFA to problem of the present time, section 1 refers to history of foreign SOFA, section 2 refers to American Forces in Korea's station purpose and basis, section 3 refers to examine structure and principal contents of each periodic ROK-US SOFA and investigate problem by compare with German SOFA and US-Japan SOFA. Chapter 5 is to examine negotiation strategy for ROK-US SOFA amendment, section 1 refers to examine structure and variables of ROK-US SOFA, section 2 refers to negotiation strategy of year of 2001 ROK-US SOFA from a US and Korean government standpoint, section 3 refers to when it will hold negotiation of the ROK-US SOFA reform to provide Korean government's homologous strategy to in the future Until now the result of problem of Studying are as follows. First, the problems that appear in the ROK-US SOFA are as follows. Korea has to abandon the right of jurisdiction of a trifling event except for 12 principal crimes at right to exercise jurisdiction and no right to evaluate wether american soldier is on public duty. Prosecution appeal is impossible except from the mistake of law. Also environment articles and medical inspection articles have to be promoted to German SOFA's level so that American forces Korea can be observed by Korean law. Article of refer to facilities and areas is basically American forces in Korea unlimited station so far as Mutual defense treaty between Republic of Korea and the United States of America will not reformed so by joint committee decide wether restoration by actual inspection 1time per a year. In a civil suit procedure when American soldier loosing a law suit Korean law court can compulsory execution but the article which how they execute is excluded. Therefore, compared to fairly concluded US-Japan SOFA or German SOFA their still remains in the ROK-US SOFA unfair articles so still many articles remains to be reformed. Also, if unfair factor of Mutual defense treaty between Republic of Korea and the United States of America will have been reformed, ROK-US SOFA can reformed much easier. Second, ROK-US SOFA's element of organization of negotiation, decision factors of structure and organization factors of negotiation power are as follows. ROK-US SOFA negotiation is international government business negotiation which is asymmetrical relationship between USA which is powerful country and Korea. The elements of organization of negotiation are the person concerned negotiation is ROK-US government which is both negotiation, negotiation agenda mainly brought up limitation of execution of Korean law because of american soldier's crime which was held before negotiated. Procedure of negotiation was processed in continuously because of difference of position between Korean and US government and without restricted by time except for special case. Decision factors of structure was adopted to general international negotiation's decision factor of structure like that. Organization factors of negotiation power are concerns and commitment, tactics of negotiation and environment which are unfamiliar factor is more efficient rather than alternatives and control which are familiar factor Third investigating negotiation strategy, US government using competition strategy in the beginning because they did not want to losing initiative of negotiation and then transferred cooperative strategy latter part of negotiation. But Korean government using cooperative strategy from beginning to end because USA is more powerful country than Korea and considering relationship between Korea and USA. Thus Korea got initiative in negotiation but result of negotiation was inferior. Therefore Korean government can bring up agenda of negotiation with initiative because Korean government have required amendment of ROK-US SOFA, so Korean government derive strategy for increase of power of negotiation by unfamiliar factor of negotiation harmonized with strategy of negotiation Korean government should be fully prepare coming agreement because reform of ROK-US SOFA in year of 2001 did not accomplish its initial goal, which is complete reform. American forces Korea can decrease in its magnitude due to changing US national security strategic interest in Korean peninsula but they will not wholly withdraw because of importance of the region. Therefore ROK-US SOFA holds good for the future, thus problems of ROK-US SOFA's still remaining can act as a problem which will become a prominent figure effect a cause of reformed negotiation. For that reason Korean government should consider about reform of ROK-US SOFA is still in progress. Korean government should grasp US government's strategy and interest of negotiation during negotiation of ROK-US SOFA reform this while and prepare for a long time. To provide Korean government's strategy for later coming negotiation again is for eliminate the part which is violated sovereignty of Korea and it makes and it will help more friendly relationship between Korea and USA.

동남아 정보보호시장 분석 및 수출방안 연구

이진학 동국대학교 국제정보대학원 2002 국내석사

Compare to the IT advanced nations, Korean information security industry have many weak points such as short experiences, financial difficulties, technologies, brand-recognition, and marketing. A number of companies were established in a short period and it caused severe competitions among themselves. Within this environmental condition, it is hard to build their companies firmly and healthy except few. Therefore, overseas expansion is a matter of life and death to them. As they preparing the overseas market expansion, they began to realize how the overseas market expansion is hard without market information and market experiences. Within this circumstances, aiming southeastern Asia and china as target markets are easier. Because the IT advanced nations do not consider southeastern Asia heavily. China is considered as a major target market because it has unlimited huge market. This paper provides the Chinese market investigation information, preparations, problems, and expansion type analysis depending on the target's geological and national boundaries. For the market analysis, analyzes Internet-Infra, each nation's investigation plan, and already advanced companies. Also explained the target country's national traits and its marketing strategy. Management, product, marketing, CC matters are explained at the 'preparation and problems'. Moreover, the things need to be concerned when selecting a target country, overseas expansion methodology and the steps of overseas expansion are represented in diagram format. For Chinese market, this report fully explains not only considerations, possible problems, and expansion methodology but also the required certificates. A copy of certificate and hundreds of certified firewall lists are also provided. Explained about Common Criteria (CC), participant countries status, and why induction of CC evaluation and participating CCRA are necessary. Furthermore, possible problems, expected effects, proper participating timing, and currently CCRA participate preparing countries are shown. For the conclusion, suggests several effective recommendations for successful foreign expansion. Author hopes that the recommendations help the domestic industries to expand effective. So the domestic companies can compete with foreign companies at the bigger world market rather than competing severely at the small domestic market. Believes that is the way we should go. Before government opens the domestic IT security market to foreign, the government should check the domestic IT security market's competitive power whether they are ready or not. And then should make a proper decision of market open timing.

개인정보보호 개선방안에 관한 연구 : 정보통신망 이용촉진 및 정보보호 등에 관한법률 중심으로

김정훈 동국대학교 국제정보대학원 2002 국내석사

The Internet has changed dramatically from a large network of computers to a new marketplace where millions of consumers purchase goods and services over the past a few years. Companies are increasingly using the Internet as another medium through which to attract consumers. The fast growth of electronic commerce using these new network gives many facilities to the consumer s comparing with the traditional commerce. For example, the facilities includes overcoming of the limitation of time and space, interactive marketing and cutting down in expenses etc. Though these facilities given by electronic commerce through the Internet, consumers are hesitating to purchase goods and services in the eCommerce marketplace. This is because of the fear of misuse of person al in formation consumers provide when they transact the contract with companies in the e-marketplace and recent survey demonstrates this fact, too. Of course, in the off-line world, businesses does also have the danger of misuse of personal information, but the computer technological developments have enhanced the ability of companies to collect, store, transfer, and analyze vast amounts of data from and about the consumers who visit their websites on the World Wide Web, and therefore the danger of misuse of p er son al information is increasing radically. In addition to this, faceless, impersonal nature of the Internet transactions makes it necessary for consumer to provide their person al information to the on-line companies. In other words, on-line transactions are built with an electronic declaration of intent, and therefore, personal information is inevitable to verify the subject of an electronic declaration of intent. Also, after verifying who is the subject of an electronic declaration of intent, it is possible to confirm who is the subject of rights and responsibilities. It is not too much to say that personal information is inevitable to complete the on-line transactions. Besides, consumers awareness and concern about non-personally identifiable information such as cookies is also rising because the danger of misuse of personal data is more in creasing when these kinds of data is joined together with personal information or personal identifiable in formation. With the increase of consumers concern about the misuse of personal information, many countries, including Korea, have built various policies protecting consumers against the misuse of personal in formation by the on-line companies. These policies generally include the support to the industry self-regulation and the enacting personal information protecting legislation. Specifically, most legislation s follow the EU directive (Directive on the Protection of Individuals with Regard to the processing of Personal data and the Free Movement of Such Data, 96 \ 46 \ EC). In Korea, the transfer of personal information in the electronic commerce transaction has been regulated by "the Act on the promotion of Utilization of Information and Communication System en acted in July 2000. But it has been criticized in that it cannot protect the personal data from misusing. Therefore, "Act on the Promotion of Utilization of Information and Communication System and the Protection of Information" was enacted in December 2000 and it has come into force since last 1st July 2001. It is bigger and more extensive about the protection of personal data in the electronic commerce than the existing Act it replaces. The chapter 4 of the revised act addresses the personal information protection. First, it expands the range of the objects applied by this law. It can apply to the on-line companies as well as to the off-line companies. Second, it surcharged the liabilities of the companies in relation to the trust of dealing with person al information and transferring the goodwill. Third, it strengthens the consumer's rights of access and control. Forth, it can cover the protection of personal information of children under 14 years old. Fifth, it organizes a committee to settle the dispute over misusing of personal in formation. In spite of these legislative efforts, "Act on the Promotion of Utilization of Information and Communication System and the Protection of Information" lacks an efficient mechanism for consumer personal information on-line. The Chapter 5 of this thesis suggests the current act should be revised as follows. First, it is necessary to en act the apprehensive personal information protection act integrates both public section and private section into a comprehensive whole. Currently, Korean person al information protection act has been separated into public section and private section. Act on the Protection of Personal Information Maintained by Public Agencies covers the former, and "Act on the Promotion of Utilization of Information and Communication System and the Protection of Information" covers the latter. Second, in case on-line companies collect the consumers personal information, the circumstances under which they can collect the consumer personal information with out consent should be made clear (section 22), and "explicit consent" is needed for on-line companies to collect the sensitive personal information revealing racial or origin, political opinions, religious or philosophical beliefs and concerning health or sex life(section 23). Third, current act ad dresses that 'notice' is need d in case of transferring the goodwill of an on-line company, but it does not address explicitly when this 'notice' should be provided to consumers, before or after transferring the goodwill. Therefore, the 'notice' in the section 26 should be revised in to 'a prior notice' , and if there is no specific declaration of intent until several days after the notice, the intent of personal information subject is regarded as 'dissent'. Forth, the concrete legal policy should be made about transborder personal information. The current act does not pay any attention to transborder personal information. Though the transborder personal information flow has been taking place more often than ever with the advance of electronic commerce and Internet business, the discussion about transborder personal information flow in Korea has not been developed so seriously. Therefore, it is necessary to investigate problems of transborder personal information flow and search the alternative and strategic dispute resolution measures with out delay. Fifth, the in dependent organization in exclusive charge of protection personal information should be built. Currently, "Korea Consumer Protection Board" has already been establish ed, but such a general consumer protection organization is not enough to solve the various problems about personal information, specifically on-line. As a result, it is necessary to build a not-for-profit organization such as "Data Protection Commissioner" in United Kingdom, "The National Commission on Information and Freedom (CNIL)" , and "Privacy Commissioner" in Canada. Sixth, the judicial measures for the relief of the victims should be complimented . Current act addresses a committee to settle the dispute over misusing of personal in formation. It has some advantages, such as settling the dispute more rapidly and technically than general litigation. However, if the dispute is able to be settled by this committee, the victims should utilize a litigation against the assaulters. Also, in this kin d of litigation, it is common damages is a little an d the number of case is so large. In this regard, more efficient litigation system like class action in the united states or punitive damage system like treble damage should be developed. In addition to these suggestion, there is an other issue to pay attention to the on-line company bankruptcy. The Toysmart and Living.com cases illustrate the difficult problems raised by the sale of customer data in a bankruptcy case. On the one hand, because the volume of database of On-line company is greater than off-line, allowing the sale or lease of personal information as a business asset under Korea Bankruptcy Act may infringe on consumer rights. On the other hand, in case of bankruptcy, it is very important to balance rights of creditors and customers. Therefore, if the court restrict the sale or lease of customer data absolutely, creditor s may be damaged greatly. As a result, legislators are to be in dilemma. In Korea, discussion about the on-line company bankruptcy does not seem to be made lively until now. Before long, Korea will meet this challenging problem, and so should establish efficient legal policy. In conclusion, this thesis does analyze the problems in relation to protection personal information from a legislative standpoint. However, not only legislative policy but also industry self-regulation plays a important role in protection personal information on-line. In other words, just a legislative policy should not be an exclusive means and industry self-regulation should not be overlooked. Korea government should promote the industry self-regulation. Toysmart.Com case shows that self-regulation organization like TRUSTe could not protect its certification by taking direct action to prevent Toysmart from selling its customer database and was ultimately forced to rely on the FTC's assistance because it is supported financially by on-line companies like MicroSoft, RealNetworks, America Online and Ironically, TRUSTe also counts each of its principal corporate backers among its clients - all of its sponsors are also certified and licensed to use the TRUSTe logo on their websites. Korea government should formulate policies in due consideration of this difficulty. While on line sales will likely continue to grow despite the aforementioned concerns about protection personal information, the pace will largely be determined by the degree to which on-line companies can boost consumer confidence in the medium.

국내 중소기업을 위한 정보보호정책에 관한 연구

육계산 동국대학교 국제정보대학원 2002 국내석사

The technical revolution of Info-Communications has recently been considered more influential over the whole society, than the Industrial Revolution in the late 19th century. The way to the Information Age means that our society is shifting to the digital economy or e-Economy oriented one, speeding up with the new way of transactions and inevitably changing the life style of people as well as the business style of the companies. In light of these, it is clear that the Information Revolution will play a critical role for the medium & small-sized companies and their own country to secure competitive edge, by increasing productivity and cutting costs for transactions. In spite of its importance, the informatization level of medium & small-sized companies is much lower than foreign or large companies, the analysts say. They have only superficial understanding of it, and face difficulties in securing funds and skilled workforce. To make things worse, the thorough research and investigation on what their weakest part is and how weak it is, are still not enough. Meanwhile, as new side-effects such as the gap of access to information, hacking, computer virus and the spread of unsound information (which were not found in the Industrial society) emerge, comprehensive measures and active response against those side effects are in strong need. The companies are struggling to prepare comprehensive measures, since they are aware that the effective response to those side-effects will play a key role in successfully adapting themselves to the approaching Information-oriented society. Information processed and transferred by system utilizing information technology, are inevitably critical resources for surviving in this competitive society. So the reality itself explains why companies are trying hard to get and keep good information in their hands. Considering the above, this study analyzed the state and reality of medium & small sized companies that are trying to achieve successful informatization by collecting various study and survey results recently issued. This study also considered side-effects of the Informatization, along with the policies for securing information, in various angles. On the basis of these, This article would like to provide those policies that are appliable to the circumstances of medium and small sized companies in Korea. Naturally, when a systematic R&D, and the establishment of a concrete Operation Guide and a detailed checklist in keeping step with a rapid advancement of the high-tech Information Security Technology are consistently made, those policies proposed by this article will have a real effect.

정보주체의 보안 인식 향상을 위한 개인정보 동의 방식의 개선방안

홍지혜 동국대학교 국제정보보호대학원 2022 국내석사

정보주체가 개인정보자기결정권이라는 권리를 올바르게 이해하고 실현하기 위해서는 개인정보보호법을 기준으로 작성된 개인정보처리방침을 읽고 이해해야 한다. 하지만 많은 정보주체들은 개인정보처리방침의 존재조차 모르고 있고, 알고 있음에도 이의 중요성을 잘 모르고 있기에, 본 논문은 정보주체의 보안 인식 향상을 위한 개인정보 동의 방식의 개선방안에 대한 주제로 연구하였다. 인터넷 배너 광고에서의 시각적 주의가 재인 및 회상에 어떠한 영향을 미치는지 분석한 결과를 활용하여, 정보주체의 보안에 대한 인식을 향상시키기 위한 방법으로 알림 창을 제시하였다. 시각적 주의에 영향을 미치는 요소들로는 색과 움직임 등이 있으며, 반복 횟수와 메시지 또한 재인 및 회상에 영향을 미친다는 결과를 활용하였다. 따라서 개인정보의 수집 및 이용에 대해 동의를 받을 경우, 움직임을 통해 시각적 주의를 끌 수 있도록 알림 창을 제시하였다. 또한 메시지의 내용은 개인정보처리방침의 존재와 필요성에 대해 누구나 이해하기 쉽게 알릴 수 있도록 알림 창을 만들었다. 향후 연구에서는 이 메시지의 내용을 선정하고 실제로 구현하여, 정보주체들의 보안 인식 향상에 어떠한 영향을 주었는지 연구할 것이다. In order for information subjects to properly understand and realize the right to self-determination of personal information, they must read the personal information processing policy prepared based on the Personal Information Protection Act. However, many information subjects do not even know the existence of personal information processing policies, and they do not know the importance of them even though they do. As a way for the information subject to improve awareness of security, it was described as an example of Internet banner advertisement. The results of analyzing how visual attention in Internet banner advertisements affects Recognition and Recall were used. A solution was proposed to improve the low security perception of information subjects by using the effects of visual attention and memory through visual stimulation.

정성적 기준에 의해 개선된 정보보호지표 산출

박종복 동국대학교 국제정보대학원 2002 국내석사

When processing the Information Security Index, the importance in the evaluation of Information resource must be referred in addition. As step of this process get results of the reducing manage-mental error and represent the efficient way to analyze the value of Information Systems and Resources. So far, we have used "The Weighted Factor of Information Assessment" which weights to qualify the Security Index. In this thesis, it will be to emphasize the importance of evaluation part in "Quality Information Valuation" that has been missed out when it qualified the Security Index. Moreover, it will be to represent the way to qualify Security Index by the notion and value of Information with the method and features of Information. With this Security Index, It will be to show basic method in Information Security and also refer specific method in Information Security for special application system; so that can keep the system safer from the threats. In addition, this essay summarizes the analyzing methods in Information Systems and the evaluating the value of Information resources to reduce analytic errors in the use and management of Information resources. Moreover, by considering the factors in the evaluation, which must be considered carefully, It will be to deduce a conclusion in manage- mental level among the objective and reasonable possibility in the process of evaluation. According to the fact, representing expanded area of evaluation method after considering various notions that include "Quality Valuation" for our system. Considering the weight more detailed in qualifying security index by referring the "Quality factors". It is to suggested the importance of evaluation part in "Quality Information Valuation" and the strategy of risk analysis. It is very meaningful because I applied detailed method especially in the case which is very difficult to represent its value.