• Journal of the Korea Society of Computer and Information
• /
• v.18 no.1
• /
• pp.157-166
• /
• 2013

This study searches a transparency of financial management of Local government and then, tries to find a solutions to a management scheme to strengthen financial reform effectively. To summarize main contents: First, requirement of continued Public Accounting System. Second, contact of items of an account and items of a program budget, Third, requirement of construction cost accounting to estimate total cost inputting to public program objectively. Forth, improvement of rotation assign system and guaranteeing to professionalism and public official ethics. Fifth, requirement of strengthening inter-control and monitoring system. Sixth, auditing and role of accounting specialist group. Finally, construction of effective and practical computer system and continuing practice of R&D program.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.253-261
• /
• 2020

This study examines the technologies and application processes related to the use of pseudonym data of companies after the passage of the Data 3 Act to activate the data economy in earnest, and what companies should prepare to use pseudonym data and what will happen in the process It was intended to contribute to the elimination of uncertainty. In the future, companies will need to extend the information security management system from the perspective of the existing IT system to manage and control data privacy protection and management from a third party provisioning perspective. In addition, proper pseudonym data use control should be implemented even in the data use environment utilized by internal users. The economic effect of market change and heterogeneous data combination due to the use of pseudonymized data will be very large, and standards for appropriate non-identification measures and risk assessment criteria for data utilization and transaction activation should be prepared in a short time.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.4
• /
• pp.153-162
• /
• 2009

Innovation, especially business process innovation, has evolved into a core focus area for all successful organizations. To ensure long-tenn survival, an enterprise must place innovation at the top of daily business operations to drive desired revenue stability and growth. Business Process Innovation is a key success factor for the next generation enterprise. Companies need to nurture an environment that encourages and enables process innovation. Business Process Management (BPM) must become the focal point of innovation initiatives. But the most BPM solutions are for large company. The cost is too high to build for small and medium sized company. We need the light and easy BPM solution for small and medium sized company. In this paper, we introduce the SESS which is BPM solution for small and medium sized company.

• Journal of the Society of Disaster Information
• /
• v.19 no.1
• /
• pp.204-215
• /
• 2023

Purpose: In this study, it was proposed a plan to build the Continuous Preventive Audit System in the military Organization with the expectation that we will develop an efficient audit method under the rapidly changing audit and work environment in the future. Method: it was examined the realities and problems of the military self-audit, the cases of the Continuous Preventive Audit System currently being used by government departments and institutions and internal control inspection of the information system of the Foreign Audit Office. Result: Government departments, agencies, and foreign auditors have established a Continuous Preventive Audit System to overcome the problems and limitations of their own audits, ensuring accounting accident prevention and audit work efficiency and are focused on auditing internal controls of information systems. Conclusion: In the future, more specific studies on the design of detailed scenarios for each function of defense work and the research and analysis on the improvement of defense information system should be followed for the establishment and settlement of a more specific Continuous Preventive Audit System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.501-519
• /
• 2017

With the revolution of IT technology, cyber threats and crimes are also increasing. In the recent years, many large-scale APT attack executed domestically and internationally. Specially, many of the APT incidents were not recognized by internal organizations, were noticed by external entities. With fourth industrial revolution(4IR), advancement of IT technology produce large scale of sensitive data more than ever before; thus, organizations invest a mount of budget for various methods such as encrypting data, access control and even SIEM for analyzing any little sign of risks. However, enhanced intelligent APT it's getting hard to aware or detect. These APT threats are too much burden for SMB, Enterprise and Government Agencies to respond effectively and efficiently. This paper will research what's the limitation and weakness of current defense countermeasure base on Cyber Kill Chain process and will suggest effective and efficient APT defense operation model with considering of organization structure and human resources for operation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.447-448
• /
• 2021

The boundary-based security architecture has the advantage of easy deployment of security solutions and high operational efficiency. The boundary-based security architecture is easy to detect and block externally occurring security threats, but is inappropriate to block internally occurring security threats. Unfortunately, internal security threats are increasing in frequency. In order to solve this problem, a zero trust model has been proposed. The zero trust model requires a real-time monitoring function to analyze the behavior of a subject accessing various information resources. However, there is a limit to real-time monitoring of file access of a subject confirmed to be trusted in the system. Accordingly, this study proposes a method to monitor user's file access in real time. To verify the effectiveness of the proposed monitoring method, the target function was verified after the demonstration implementation. As a result, it was confirmed that the method proposed in this study can monitor access to files in real time.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2007.11a
• /
• pp.58-63
• /
• 2007

Recently, as the management environments are changing rapidly and the uncertainty is becoming larger, the needs of internal control for management and IS become stronger. In order to construct a new internal control system for IS, it is necessary to evaluate the former research of the system. This study emphasizes the importance of effective internal control system, presents a conceptual framework for the preceding factors to consider, and verifies empirically the framework. This study sets the organization citizenship behavior, IS innovation resistance, and IT capability from the viewpoint of Socio-Technical system as the preceding factors for the effectiveness of internal control system. A research model, affecting the above factors on IS capability as a mediating variable of the internal control effectiveness for the use of IS, is set up. PLS-Graph 3.0 is used to verify the model. We found that the internal control effectiveness have affirmative effect on information capability, a surrogate variable of the IS effectiveness and a mediation effect is meaningful.

• Korean Management Science Review
• /
• v.21 no.1
• /
• pp.57-76
• /
• 2004

The development of informational technology has lead to a sharp change in not only the existing way of operations and management, but the way of human life or thinking as well. Those shifts of the paradigm in information technology have also affected Individuals to the organizational structure. A series of unexpected problems was, however, accompanied by the advance in informational technology, which had broaden its own area of application. Those problems include the losses of property or data the malfunction of systems and their wastefulness would result in, continuous increases in computer crimes, reliability and efficiency of the functional process with the development of information systems, such as the processing problems of inaccurate data, economical issues, and subjects related to safety, as interruptions of privacy, which would result from lots of one's exposure to the drains of personal information. Accordingly, Auditors' roles of information systems, for now, is more important than anything else in that they are responsible for the objective assessment of relevance and effectiveness of internal control systems under the environment of information systems. The objective of the study is, so as to obtain safety of information systems： First, to provide data to line-design internal control systems after finding internal control factors to prevent and eliminate the risks of information systems. Second, to evaluate the priorities of internal control factors with their effective management being considered as the key to settle the problems of risks of information systems. Third, to discriminate what factors affect In evaluating the relative degrees of Importance of internal control factors.