A Method for Calculating Exposure Risks of Privacy Information based on Website Structures
This research proposes a method that aims to evaluate the risk levels of websites based on exposure risks of privacy information. The proposed method considers two aspects as follows. First, we define the risk levels of each privacy information according to its own inherent risk. Second, we calculate the visiting probability of a webpage to measure the expected of the actual exposure of privacy information on that webpage. In this research, we implemented an system to prove that automatically collects websites and calculates their risk levels. For the experiments, we used a real world dataset consisting of a total of websites for 4 categories such as university, bank, central government agency, and education. The experiment results show that the websites in the bank category are relatively well managed, while the others are needed to cope with the exposure of privacy information. Finally, the proposed method in this research is expected to be further utilized in establishing a priority-based approach to alleviate of the privacy information exposure problems.
BizSpring Education Consulting Team, “Website Measurement and Analysis,” BizSpring, p. 87, 2011.
Brin, S. and Page, L., “The Anatomy of a Large-scale Hypertextual Web Search Engine,” Journal of Computer Networks and ISDN Systems, Vol. 30, No. 1-7, pp. 107-117, 1998.
Cheon, M. H., Choi, J. S., and Shin, Y. T., “Measuring Method of Personal Information Leaking Risk Factor to Prevent Leak of Personal Information in SNS,” Journal of the Korean Institute of Information Security and Cryptology, Vol. 23, No. 6, pp. 1199-1206, 2013.
Cho, S. and Jun, M., “Privacy Leakage Monitoring System Design for Privacy Protection,” Journal of the Korean Institute of Information Security and Cryptology, Vol. 22, No. 1, pp. 99-106, 2012.
Choi, D. S., Kim, S. H., Jo, J. M., and Jin, S. H., “Big Data Privacy Risk Analysis Technique,” Korea Institute of Information Security and Cryptology Review, Vol. 23, No. 3, pp. 56-60, 2013.
Choi, J. Y., Ha, T. G., Lee, G. S., and Won, Y. J., “Privacy Incident Response System,” Journal of the Korea Institute of Information Security and Cryptology, Vol. 19, No. 6, pp. 9-14, 2009.
Han, C. H., Chai, S. W., Yoo, B. J., Ahn, D. H., and Park, C. H., “A Quantitative Assessment Model of Private Information Breach,” The Journal of Society for e-Business Studies, Vo1. 16, No. 4, pp. 17-31, 2011.
Kim, B. M., Han, S. Y., and Kim, Y. C., “Design of Advanced HITS Algorithm by Suitability for Importance Evaluation of Web-Documents,” The Journal of Society for e-Business Studies, Vol. 8, No. 2, pp. 23-31, 2003.
Kim, E., “Privacy Detection and Risk Analysis Model,” Master’s Theses for Graduate School of Sungshin Woman’s University, 2010.
Kim, J. Y., “Analyzing Effects on Firms’ Market Value of Personal Information Security Breaches,” The Journal of Society for e-Business Studies, Vo1. 18, No. 1, pp. 1-12, 2013.
Kim, M. S., “The Study of Check-list Based on Privacy Law in Korea for Private Company,” Proceedings of the Korean Information Science Society 2010 Conference, Vol. 37, No. 2(B), pp. 37-42, 2010.
Kim, M. S., Noh, B. N., and Kim Y. M., “A Privacy Level Check Model Based on New Privacy Law in Korea,” Proceedings of the Korean Information Science Society 2011 Conference, Vol. 35, No. 1(D), pp. 118-121, 2011.
Kim, P., Lee, Y. H., and Khudaybergenov, T., “A Method for Quantitative Measuring the Degree of Damage by Personal Information Leakage,” Journal of the Korean Institute of Information Security and Cryptology, Vol. 25, No. 2, pp. 395-410, 2015.
Kleinderg, J., “Authoritative Sources in a Hyperlinked Environment,” Journal of the ACM, Vol. 46, No. 5, pp. 604-632, 1999.
Lee, G. H. and Young, J. D., “A Study of Measurement Methods and Practical Cases on Leakage Risk of Privacy Information in Private Sector,” Journal of the Korean Institute of Information Security and Cryptology, Vol. 18, No. 3, pp. 92-100, 2008.
Lee, K. S., Ahn, H. B., and Lee, S. Y., “A Study on a Prevention Method for Personal Information Exposure,” Journal of Information and Security, Vol. 12, No. 1, pp. 71-77, 2012.
Lee, S. J. and Lee, Y. J., “Development of a New Instrument to Measuring Concerns for Corporate Information Privacy Management,” Journal of Information Technology Applications and Management, Vol. 16, No. 4, pp. 79-92, 2009.
Ministry of Government Administration and Home Affairs, “Homepage Personal Information Exposure Guidelines,” p. 35, 2014.
Ministry of Public Administration and Security (MOSPA)-Korea Internet and Security Agency (KISA), “Perform Manual of Privacy Impact Assessment in Public Authorities,” pp. 78-81, 2015.
Nevermind, “Principal of Long tail, Pareto and Short tail,” [URL] http://nevermind. tistory.com/2.
Park, S. J. and Lim, J. I., “A Study on the Development of SRI(Security Risk Indicator)-Based Monitoring System to Prevent the Leakage of Personally Identifiable Information,” Journal of The Korea Institute of Information Security and Cryptology, Vol. 22, No. 3, pp. 637-644, 2012.
Ranky.com, “Professional Website Analysis/Evaluation Organization-Webpage View During Oct. 01-07, 2014,” [URL] http://www.rankey.com/.
Shin, Y. J., Jeong, H. C., and Kang, W. Y., “A Study of Priority for Policy Implement of Personal Information Security in Public Sector: Focused on Personal Information Security Index,” Journal of the Korean Institute of Information Security and Cryptology, Vol. 22, No. 2, pp. 379-390, 2012.
- There are currently no refbacks.