Information Security in IIA (Chang, Kim, Kwon, & Han, 2007)

Construction of the Incheon International Airport (IIA) was completed in December 2000. With two major runways and a passenger terminal of 496,000 . Recently, the IIA was selected as the best airport worldwide by ACI and IATA in 2005. Airport security can be classified into two categories: facility security and computer security. The physical facilities of the IIA are well protected by the airport security force that is in charge of the fences around the air- port, passenger terminal, transportation center, auxiliary facilities and free economic zone. The computer information security system has become more complex because most corporations like Incheon International Airport Corporation (IIAC) uses an integrated information system which shares information through intranet, groupware, knowledge management system and electronic document management system. Different aspects of information system in IIA are described below:

Real-time Encryption of User Files and Folders

Information created by users must be encrypted selectively or compulsorily according to the corporations information security policy. If a separate security folder is designated and the access right policy is defined, all information stored in the security folder should be encrypted automatically. In addition, information in the subfolders of the security folder should be encrypted in the same way. Information copied or moved to other folders should remain as encrypted. The standard documents stored in the central computer server should be controlled by an individual users access level.

Real-time Authentication of Users Access Right

All users should be given appropriate levels of access right depending on their status within corporation with respect to reading, editing, printing, releasing, effective date, and auto destruction. The user authentication should be performed in a real-time to verify his/her level of access right. When multiple users at different levels of access right collaborate on the same project, the original data used to create information should be protected separately.

Watermarking to Printouts

When the confidential information is printed, all printouts should contain watermarking so that printing activities can be monitored. The image of the output should be then sent to the management server which would record the document ID, the staff ID who printed and the time of printing and show on the output.

Security Code to Mobile Storage Devices

The information security protection system can apply a lock on all files created by a user but it will be cumbersome for a user to unlock all of his files most of which may not be considered confidential. Therefore, it is difficult to prevent an internal user who originally created the document without a security protection from copying it into his mobile storage devices such as floppy disks, USB memory disks, CD-RW, and PDA. To prevent an illegal release of the confidential document through such external devices, it is necessary for the corporation to limit a user from using his/her personal devices. The information security system should assign the security code to all external devices including as laptop computers.

Security File for Outside Transmission

Although it is possible to control the document among internal users, when collaborating with people external to the corporation, it is not possible to share the encrypted files. Therefore, a user authentication and his/her access control level should be transmitted along with the encrypted file in the form of the executable file format. When the external user runs the executable file the file can be accessed without installing a separate program in his computer. For external (or internal) users, the file will be preset with the maximum allowed number of access along with the expiration date. If the external user tries to use the file after exceeding the allowed number of access in an allowed time period, the file will be automatically destroyed.

1. Why IIA cares about security of information?

2. What aspects are considered to ensure about the security of information in IIA?

3. How IIA will be jeopardized in case of neglecting information security issues?