• Review of KIISC
• /
• v.15 no.1
• /
• pp.23-32
• /
• 2005

기업 활동에서 인터넷과 정보통신 시스템에 대한 의존도가 점차 심화됨에 따라 보안사고의 발생시 기업이 감당해야 할 사업적 위험도 함께 증대하고 있다. 따라서 최근 다양한 사이버 공격의 징후를 조기에 감지하고 대응함으로써 피해범위를 최소화할 수 있는 조기경보 체계의 구축에 많은 기업들이 관심을 갖기 시작했다. 하지만 조기경보 체계의 구축과 운용을 위해서는 비용과 기술적인 장애를 극복해야 한다. 본 논문은 대부분의 기업들이 네트워크에서 실시간 위협탐지를 위해 사용하는 네트워크 침입탐지 시스템(N-IDS)과 정기적인 보안감사용으로 주로 운영하는 취약점분석 시스템(VAS)을 이용하여 경제적이고, 효과적으로 사이버 공격의 징후를 신속하게 파악할 수 있는 조기경보 시스템의 설계방법을 제시하였다.

• Journal of Advanced Navigation Technology
• /
• v.18 no.5
• /
• pp.494-500
• /
• 2014

Recently the leak of personal information from in-house and contract-managed companies has been continually increasing, which leads a regular observation on outsourcing companies that perform the personal information management system to prevent dangers from the leakage, stolen and loss of personal information. However, analyzing many numbers of computers in limited time has found few difficulties in some circumstances-such as outsourcing companies that own computers that have personal information system or task continuities that being related to company's profits. For the reason, it is necessary to select an object of examination through identifying a high-risk of personal data leak. In this paper, this study will formulate a proposal for the selection of high-risk subjects, which is based on the user interface, by digital forensic. The study designs the integrated analysis tool and demonstrates the effects of the tool through the test results.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.5 no.4
• /
• pp.1-34
• /
• 2010

Recently, failure rates of Kosdaq IPO firms are increasing and their survival rates tend to be very low, and when these firms do fail, often times backed by a number of governmental financial supports, they may inflict severe financial damage to investors, let alone economy as a whole. To ensure investors' confidence in Kosdaq and foster promising and healthy businesses, it is necessary to precisely assess their intrinsic values and survivability. This study investigates what contributed to the failure of IPO firms and analyzed how these elements are factored into corresponding firms' stock returns. Failure risks are assessed at the time of IPO. This paper considers factors reflecting IPO characteristics, a firm's underwriter prestige, auditor's quality, IPO offer price, firm's age, and IPO proceeds. The study further went on to examine how, if at all, these failure risks involved during IPO led to post-IPO stock prices. Sample firms used in this study include 98 Kosdaq firms that have failed and 569 healthy firms that are classified into the same business categories, and Logit models are used in estimate the probability of failure. Empirical results indicate that auditor's quality, IPO offer price, firm's age, and IPO proceeds shown significant relevance to failure risks at the time of IPO. Of other variables, firm's size and ROA, previously deemed significantly related to failure risks, in fact do not show significant relevance to those risks, whereas financial leverage does. This illustrates the efficacy of a model that appropriately reflects the attributes of IPO firms. Also, even though R&D expenditures were believed to be value relevant by previous studies, this study reveals that R&D is not a significant factor related to failure risks. In examing the relation between failure risks and stock prices, this study finds that failure risks are negatively related to 1 or 2 year size-adjusted abnormal returns after IPO. The results of this study may provide useful knowledge for government regulatory officials in contemplating pertinent policy and for credit analysts in their proper evaluation of a firm's credit standing.

• Journal of the Society of Disaster Information
• /
• v.16 no.4
• /
• pp.768-783
• /
• 2020

Purpose: In response to the critical risk of fire due to the characteristic of Publicly used establishments(hereinafter referred to as PUE), 'Special Act on the Safety Control of PUE' was enacted in 2006 and is still in operation. However, in spite of numerous revisions so far, still there are problems to be resolved. This study analyses the regulatory regime of fire safety in UK to find measures which could fundamentally improve the safety management of PUE. Method: This study compares and analyses the safety management system of PUE in Korea and the case of the UK by using the comparative research method. Result: As a result of the qualitative analysis, some noticeable systems and concepts of the UK regulatory regime have been discovered(e.g. 'Responsible person', 'Fire risk assessment', 'Fire safety audit', etc.) and consequently, 'Proposal for the Fire Safety Management System for PUE' is designed based on the findings from examples in the UK and drawbacks of safety management of PUE. Conclusion: This study proposes the way to improve the safety management of PUE into a more rational and effective system by analysing the case of the UK, which reorganised the fire safety management to the private sector centered, in which the fire authority minimizes intervention.

• Proceedings of the Korean Institute of Industrial Safety Conference
• /
• 2002.11a
• /
• pp.365-370
• /
• 2002

근골격계 질환은 다른 질병과는 달리 직업적 특성 때문에 발생하는 질환자수가 많고 집단적으로 발생한다. 질환들의 예방활동은 단순하게 접근하거나 또는 1회 적인 예방활동으로는 원천적인 예방이 어려우므로 품질관리 시스템과 환경경영시스템을 참고하여 지속적인 관리와 더불어 조직적인 관리가 이루어 져야 한다. 이러한 목적을 달성하기 위해 사업장의 인간공학 관리시스템을 12가지 기본요소(방침 및 리더십, 조직, 계획, 책임, 평가 예방과 관리, 교육과 훈련, 의사소통, 규칙 및 절차, 내부 검사와 감사, 사고/질병 조사, 문서와 기록관리, 프로그램 평가)로 세분화하여 시행하였다. 이를 이용하여 pallet 적재방법, key hole 가공작업방법, 기판 수삽입 작업대 등을 개선한 사례를 제시하였다.

• Asia pacific journal of information systems
• /
• v.5 no.1
• /
• pp.112-128
• /
• 1995

The information system control includes organizational structure, control mechanism, and management tools which contribute to accomplish the goals of information system: asset safeguarding, data integrity, effectiveness, and efficiency. Information system audit is the process to evaluate whether the information system accomplishs the goals. Information system auditor examine the reliability of information system control and suggest recommendations to improve the information system control. Both information system control and information system audit activities contribute to prevent and detect the computer crime for the organization. This paper proposes a causal model of information system control/audit and the perceived risk of computer crime, and tests the model using a survey on 38 financial institutions in Korea. Statistical results show that information system control and audit significantly reduce the computer crime risk perceived by the user group. The general control has a stronger impact than the application control. In addition, it turns out that the greater the deviation between the importance and the actual level of information system control is, the higher the perceived risk of computer crime is.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.467-470
• /
• 2014

온라인 서비스가 증가하고 있으며, 그에 따른 개인의 서비스 계정도 늘어나고 있다. 하지만 지속적으로 늘어나는 서비스 계정의 의해, 관리의 어려움과 노출 위험성이 커지고 있다. 해결책으로 보안도 유지하면서 다양한 온라인 서비스의 종류에 구애 없이 하나의 통합된 사이트를 통해서 계정정보를 관리하면 편리할 것이다. 그래서 ID/PW 방식의 사용자 인증에 감사 가능을 결합한 본인 이력 기반 사용자 인증 방법을 제안한다. 본인이 생성한 비밀번호 이력 정보에 다양한 옵션을 설정할 수 있도록 하여 사용자 인증에 사용하고, 검증 과정에 본인이 직접 참여하는 메커니즘을 결합하여 본인 이력 기반 사용자 인증 방법이 완성된다. 제안 방식을 현재 인테넷뱅킹에서 사용 중인 인증 방식들과 보안성을 비교 검증하였다.

• The Korean Journal of Archival Studies
• /
• no.25
• /
• pp.3-46
• /
• 2010

Digital records management is one whole system in which many social and technical elements are interacting. To maintain the trustworthiness, the repository needs periodical audit and certification. Thus, individual electronic records management agency needs toolkit that can be used to self-evaluate their trustworthiness continuously, and self-assess their atmosphere and system to recognize deficiencies. The purpose of this study is development of self-certification toolkit for repositories, which synthesized and analysed such four international standard and best practices as OAIS Reference Model(ISO 14721), TRAC, DRAMBORA, and the assessment report conducted and published by TNA/UKDA, as well as MoRe2 and current national laws and standards. As this paper describes and demonstrate the development process and the framework of this self-certification toolkit, other electronic records management agencies could follow the process and develop their own toolkit reflecting their situation, and utilize the self-assessment results in-house. As a result of this research, 12 areas for assessment were set, which include (organizational) operation management, classification system and master data management, acquisition, registration and description, storage and preservation, disposal, services, providing finding aids, system management, access control and security, monitoring/audit trail/statistics, and risk management. In each 12 area, the process map or functional charts were drawn and business functions were analyzed, and 54 'evaluation criteria', consisted of main business functional unit in each area were drawn. Under each 'evaluation criteria', 208 'specific evaluation criteria', which supposed to be implementable, measurable, and provable for self-evaluation in each area, were drawn. The audit and certification toolkit developed by this research could be used by digital repositories to conduct periodical self-assessment of the organization, which would be used to supplement any found deficiencies and be used to reflect the organizational development strategy.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.37-42
• /
• 2015

Although online search engine service provide a convenient means to search for information on the World Wide Web, it also poses a risk of disclosing privacy. Regardless of such risk, most of users are neither aware of their personal information being exposed on search results nor how to redress the issue by requesting removal of information. According to the 2015 parliamentary inspection of government offices, many government agencies were criticized for mishandling of personal information and its leakage on online search engine such as Google. Considering the fact that the personal information leakage via online search engine has drawn the attention at the government level, the online search engine and privacy issue needs to be rectified. This paper, by examining current online search engines, studies the degree of personal information exposure on online search results and its underlying issues. Lastly, based on research result, the paper provides a sound policy and direction to the removal of exposed personal information with respect to search engine service provider and user respectively.

• Information Systems Review
• /
• v.8 no.1
• /
• pp.223-239
• /
• 2006

In digital economy, information systems are recognized as the most critical survival factor of companies. Companies must launch and expand business based on information systems either developed newly or adopted as ERP. However, successful information systems operation shall face many realistic problems. Especially most small and medium enterprises experience many difficulties in systems operation or even give up operating information systems due to unexpected operational problems. This paper suggests a framework for effective information systems operation for small and medium enterprises. The framework is designed through case studies, consisting of service framework, auditing framework, and risk management framework. It is expected that the framework contributes to successful information systems operation in small and medium enterprises.