http://dx.doi.org/10.9717/kmms.2015.18.2.218

A Study on the Information Security Control and Management Process in Mobile Banking Systems  

Kim, So Young (Dept. of Information Systems, Pukyong Nat. Univ.)
Kim, Myong Hee (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
Park, Man-Gon (Dept. of IT Convergence and Application Engineering, PuKyong Nat. Univ.)
Abstract
With the development of information processing and mobile communication technologies, the use of mobile banking systems is increasing drastically. In the foreseeable future, demand for mobile banking is expected to increase rapidly with the prevalence of smart devices and technologies. However, maintaining security is very important in banking systems, which handle personal information and financial assets, and it is very difficult to improve the security of banking systems using only the vulnerability and fault analysis methods of information security. Hence, in this paper, we analyze the security risk factors and security vulnerabilities that occur in mobile banking systems. Using the results of this analysis, we propose information security control and management processes for assessing and improving security, based on the mechanisms that compose a mobile banking system.
Keywords
Fault Mechanism; Hazard Factors; Information Security; Mobile Banking Process; Risks and Vulnerabilities; Security Threats Factors
Citations & Related Records
Times Cited By KSCI: 3