In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose “a risk analysis framework of protecting personal information in IoT environments” consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

• 1. 서 론
• 2. IoT 활용 분야와 개인정보
• 3. 개인정보 위험 분석
• 4. IoT 환경에서의 개인정보 위험분석 프레임워크
• 5. 신규 프레임워크를 활용한 IoT 위험 분석 결과
• 6. 결 론
• References
• 〈Appendix 1〉 Detailed Risk Analysis using Proposed Framework

1 최희식, "사물인터넷 보안 문제제기와 대안" (사)디지털산업정보학회 11 (11): 69-78, 2015

2 최경진, "빅데이터·사물인터넷 시대 개인정보보호법제의 발전적 전환을 위한 연구" 중앙법학회 17 (17): 7-50, 2015

3 KATS(Korean Agency for Technology and Standards), "“[KS X ISOIEC27005] Information technology-Security Techniques-Information Security Risk Management"

4 Arthur, D.L, "Wanted : Smart Market-Makers for the Internet of Things" 2 : 2011

5 ISACA, "The Risk IT Framework" ISACA 2009

6 MSIP(Ministry of Science, ICT and Future Planning), "Statistics of Smartphone Subscribers" ITSTAT 2015

7 MSIP(Ministry of Science, ICT and Future Planning), "Statistics of IPTV Subscribers" ITSTAT 2015

8 TTA, "Standardization related to Smart Buildings" TTA 2011

9 Caragliu, A, "Smart Cities in Europe" 18 (18): 65-82, 2011

10 NIST(National Institute of Standards and Technology), "Risk Management Guide for Information Technology Systems"

11 ISACA, "Risk IT Framework for Management of IT Related Business Risks" ISACA 2009

12 TTA(Telecommunication Technology Association), "Risk Analysis and Management Standards for Public Information Systems Security-Risk Analysis Methodology Model" 2000

13 TTA, "Risk Analysis Methodology for IT Services" TTA 2008

14 Infosec, "Risk Analysis Methodology and Security Consulting Trends" Infosec 2008

15 KSGI(Korea Smart Grid Institute), "Research on Smart Grid Policy and Market in Major Countries" KSGI & KOTRA 2010

16 KISDI(Korea Information Society Development Institute), "Research on Development Direction of Smart Devices Manufacturing Industry" KISDI 2013

17 Park, N.J, "Privacy Protection in Smart Grid" 20 (20): 62-78, 2010

18 Korea COP Forum, "Personal Information Protection Governance ABC" 2008

19 Kane, S, "Pay-As-You-Drive Car Insurance : Big Savings, No Privacy?"

20 EU, "Opinion 8/2014 on the on Recent Developments on the Internet of Things"

21 Glen, W, "OnStar Plugs Hacker Attacks"

22 Lewis, T, "OnStar Doesn’t Give Up Easily…Sometimes"

23 Gartner, "Market Trends : TSPs Must Invest in the Rapidly Evolving IoT Ecosystems Now" Gartner 2013

24 Joo, D.Y, "IoT’s Activation Plan for Creative Convergence in Hyper-Connected Society" KIET(Korea Institute for Industrial Economics & Trade) 342 : 2014

25 Kang, N.H, "IoT Convergence Service Security Requirement" 32 (32): 45-50, 2015

26 Lee, Y.H, "IoT Based Promising Market Prospect and Agenda to Realize the Creative Economy" NIA(National Information Society Agency) 2013

27 ISO/IEC, "Information Technology-Security Techniques-Information Security risk Management"

28 Jeon, C.M, "Evolving Direction of the Connected Car Service" KT Economic and Management Research Center 2013

29 KB Reseach, "Development Trends and Future Changes in Connected Car" 15 : 2016

30 Naughton, K, "Cars a Target for Identity Thieves as Shopping Comes to Dashboard"

31 KCA(Korea Communication Agency), "Business Trends of Major Operators in Connected Car and Prior Task for Service Dissemination" KCA 2013

32 Krisher, T, "Auto Industry Steps up Fight Against Hackers" The Associated Press 2013

33 Shin, Y.J, "A Study on Policy Tasks of Personal Information Protection in IoT Era" 692-710, 2015

34 Gartner, "6. 4 Billion Connected Things Will Be in Use in 2016, Up 30 Percent From 2015" 2015

35 KISA(Korea Internet Security Agency), "2014National Information Security White Paper" KISA 2014

36 CIOKorea, "0. 15 Billion Connected Cars in 2020"