
A Study on Technical Approach for Compliance Management Service

  • Lee, Jun-Ho (Division of IT Infra Business, Koscom Corporation)
  • Oh, Hea-Seok (Division of IT, Gachon University)
  • Received : 2013.11.28
  • Accepted : 2014.01.09
  • Published : 2014.01.31

Abstract

Financial supervisory authorities have continuously tightened regulation in order to secure electronic financial transactions. However, the number of information security consulting and information security service providers is far too small to cover the roughly 4,500 financial institutions that must comply with these regulations, and the supervisory authorities themselves carry a heavy burden of on-site supervision work. As the demand for real-time risk management grows, this paper attempts a technical approach to regulatory compliance so that the requirement, implementation, monitoring and supervision tasks can be performed efficiently, and derives the element items needed for system-based compliance management. The study builds on a financial IT compliance management framework and the IT GRC (governance, risk and compliance) process model; as its result, it designs a compliance management lifecycle and 34 compliance management indices, allocated to the phases of that lifecycle.
