In recent years, leakage accidents of information data owned by corporations are taking place in a large number. Any leakage accidents by an insider can render the information management system of a corporation useless and drain out its internal information data. Corporations introduce safe protection measures based on the legal institution such as the access log to information data and promote the technological advancement in their efforts to deal with the problems.
This study set out to implement a reinforced monitoring system, which would integrate and manage the access log to information data and the evidence data of all kinds of security systems, detect an abnormal phenomenon such as the behavior that was the same as the prescribed leakage scenario, and thus prevent the leakage of personal information data. The study also aimed to propose ways to deal with the leakage of personal information by the internal human elements of an organization.
As for methodology, the investigator structuralized the certification control items of the Personal Information Management System (PIMS), which was introduced to manage the risks related to the protection of personal information data by organizations on an ongoing basis. They are more objective criteria as they utilize the old proven control items when setting criteria to prevent and detect the leakage risk of personal information by the acts of organizational insiders. Companies planning to obtain PIMS certification can set up a monitoring system to satisfy the requirements of PIMS, which means that they can make complex reactions to the various technological elements and management systems that can be considered to be introduced by the organizations of information protection and accordingly claim the advantage of efficiency.