• Management & Information Systems Review
• /
• v.34 no.5
• /
• pp.277-293
• /
• 2015

Mutual Savings Banks generally have weaker governance structure than other financial institutions, so the possibility of earnings management by owner-largest or managements of mutual savings banks is higher than other financial institutions. This study examines the relationship between corporate governance and quality of internal control of financial reporting. If the expropriation of minority shareholder hypothesis holds, we predict that the larger block shareholder in mutual savings banks, the weaker the internal control system by more likely the opportunistic earnings management by bank managers. On the other hand, under the convergence of interest hypothesis, we predict that the larger block shareholder in mutual savings banks, the stronger the internal control system by reduction in agency costs as owner-manager's holdings increases, and there a negative relationship is expected between internal control weakness and the holdings of the owner-largest shareholder. We find that mutual savings banks with higher owner-largest shareholder equity has significant positive relations with their internal control of financial reporting material weakness. This result suggests that the greater owner-largest shareholder equity, the more likely the opportunistic earnings management, so that decrease quality of internal control. This paper extends the literature on financial institutions corporate governance to verify whether governance system, especially, owner-largest and quality of internal control has significant positive relations.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.7 no.4
• /
• pp.97-106
• /
• 2008

This proposed system is a part of internal control system that national highway need to support their ITS information audit. This paper explains the design and implementation of a packet interceptor and a DB query analyzer. The packet interceptor sniffs users' query packets, and then the DB query analyzer parses the SQL queries and stores the users' DB access information such as SQL queries, access data and changing data. The information may be used as the evidences on internal control of users and users' accesses.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.101-114
• /
• 2011

As it seems like critical information leakages have been increasing due to industrial espionage and malicious internal users, the importance of introducing audit and log security technology is growing every now and then. In this paper, we suggest the session logging system for the company's internal control to meet the SOX legislation level, by monitoring and analyzing users behaviors connecting to the business-critical Operating System. The system proposed in this paper aims to monitor the user's illegal activities in the Operating System, and to present the clear evidence of purpose of those activities by detailed logs. For this purpose, we modified Operating System by adding multiple services suggested in this paper. These services utilize interfaces provided by the existing Operating System and add functions to control access and get logs. The system saves and manages session logs of users or administrators connected to the server with centralized log storage. And the system supports session log searching and lookup features required by SOX legislation for the company's internal controls with the level of computer forensics and logging technology.

• Proceedings of the Korean Society for Cognitive Science Conference
• /
• 2000.06a
• /
• pp.133-137
• /
• 2000

구문태그가 부착되지 않은 코퍼스를 사용하여 문법규칙의 확률을 훈련하는 비통제 학습(unsupervised learning) 방법의 대표적인 것이 CNF(Chomsky Normal Form)의 CFG(Context Free Grammar)를 입력으로 하는 inside-outside 알고리즘이다. 본 연구에서는 의존문법을 CNF로 변환하는 기법에 대해 논하고 의존문법을 위해 변형된 inside-outside 알고리즘을 논한다. 또한 이 알고리즘을 사용하여 실제 훈련한 결과를 보이고, 의존규칙과 구문구조 확률을 같이 사용하는 hybrid방식 구문분석기에 적용한 결과를 보인다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.771-772
• /
• 2017

내부 정보 유출 사고의 빈도가 높아지게 되면서 이러한 내부 정보 유출을 막기 위해 DLP(Data Loss Prevention), DRM(Digital Rights Management), DB 접근 통제 솔루션, 인터넷 접근 차단 솔루션과 같은 여러 가지 보안 솔루션을 적용하고 있으나, 내부 정보 유출을 시도하는 개인의 행동을 기반으로 개인을 탐지한다는 문제점을 가지고 있다. 본 논문에서는 개인이 아닌 조직으로 이루어진 내부 정보 유출의 행위를 탐지하고 대응하기 위해 보안로그를 위험 사용자들끼리 그룹화 하여 내부 정보 유출 여부를 판단하는 시스템을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.476-478
• /
• 2014

시간과 장소에 구애받지 않고 인터넷을 이용할 수 있는 환경이 보편화됨에 따라 BYOD 환경이 도입되면서 외부에서도 개인 단말기기를 통해 업무를 처리하는 모습을 어렵지 않게 볼 수 있다. 이처럼 BYOD는 점차 기업 문화의 한 트렌드로 받아들여지고 있다. 반면에, 그에 따른 보안 위협에 대해서는 신중하게 접근해야 한다. 기존에는 기업 내부 기밀 정보의 외부 유출이 엄격히 관리되었으나, BYOD 환경이 도입됨에 따라 내부 정보 유출에 대한 통제가 어려워졌다. 또한 공개 Wi-Fi 등 보안이 취약한 공용 네트워크를 통해 기업 내부 서비스에 접속할 경우 해킹에 따른 보안 위협도 무시할 수 없다. 이러한 보안 위협에 대처하기 위해서는 근본적으로 사용자의 모든 행위에 대해 상황을 인식하고 관리해야 한다. 본 논문에서는 BYOD 환경에서 사용자의 기업 내부 서비스 접속 및 이용에 따른 모든 상황을 단위 정보로 정의함으로써 상황을 인식하는 방안을 제안한다. 이렇게 정의된 정보는 기업 내부 보안 정책 수립, 비정상 행위 탐지 등에 활용 될 수 있다.

• Journal of Digital Convergence
• /
• v.20 no.3
• /
• pp.35-40
• /
• 2022

With the advent of the internet age and the outbreak of COVID-19, many companies have embraced online trade. However, due to the way the cyber economy works, the number of companies engaged in financial fraud by falsifying their transaction amounts and customer numbers has been gradually increasing. The purpose of this study is to analyze financial fraud of companies in the Internet era and to present solutions. Therefore, this study analyzed the financial fraud behavior of Luckin Coffee in China as an example and studied the causes and countermeasures of financial fraud. As a result, it was found that the cause of financial fraud lies in the opacity of cash flows from online transactions. The recommendations proposed by this study is to improve internal control systems in companies, develop risk management system, and establish comprehensive external supervision system

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• Korean Security Journal
• /
• no.20
• /
• pp.291-311
• /
• 2009

Amid intensified global competition, securing high technologies is becoming a prerequisite towards achieving developed nation status. Korea has made tremendous efforts into developing technologies for decades and it has now obtained a leading position in many fields. As a result, however, Korea has become a major target of industrial espionage and not a few Korean businesses have already suffered from it. In order to effectively counter industrial espionage, this research explores the use of polygraph security screening as an internal control method through literature review, and discusses matters which need to be considered before the introduction of it into Korea, focusing on the accuracy of security screening. Since polygraph security screening generates deterrent effect by increasing certainty and celerity of punishment, it makes a valuable contribution to the control of industrial espionage. However, the most important problem with the use of the polygraph in security screening is errors of the examination. Thus, polygraph security screening should be used as a part of comprehensive security management program to reduce the possibility of errors. In addition, because factors such as countermeasures and examiner's experience are known to influence the accuracy of the examination, the issues surrounding them should also be addressed.