• Journal of Science and Technology Studies
• /
• v.15 no.1
• /
• pp.281-325
• /
• 2015

In this paper, we continue our previous study on the differences, similarities and interfaces between the various models of scientific governance discussed in STS and those in risk governance developed by risk studies. In the previous paper we illuminated that theoretical differences among STS scholars on scientific governance and public participation goes back to the 1970s and 1980s, during which they first laid down the conceptual basis of STS. In this paper we investigate how these divergent positions among STS scholars influenced their evaluations of precautionary principle and the framework of risk analysis (especially the separation between risk assessment and risk management), which are the two main paradigms in the area of risk regulation. By doing that, this paper will show divergent positions of STS scholars on risk analysis and precautionary principle. Further, we will suggest some theoretical and practical interfaces between STS and risk governance models.

• Journal of Technology Innovation
• /
• v.21 no.3
• /
• pp.1-39
• /
• 2013

This article explores the risk governance of nanotechnology in Korea in light of a regulatory law approach, a soft law approach, and a participatory governance approach. The risk governance of nanotechnology in Korea has three characteristics. First, there are many existing regulatory laws that can be applied to the regulation of nanotechnology. However, these laws have exemptions, the extent of which are larger than that of the Europe and the United States. Second, the soft law approach is the most prevalent risk policy in Korea at present, but is limited because it is being driven by the government without active, voluntary participation of relevant companies. Third, no case of participatory governance took place when it comes to nanotechnology technology assessment. As policy recommendations to improve Korean nanotechnology risk governance, this article suggests pre-market screening, mandatory governmental registration of nanomaterials, transition management of code of conduct, and the design of interdisciplinary research and development project for real-time technology assessment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.2
• /
• pp.103-108
• /
• 2012

Recently, IT Governance has been applied to business management environment. In this paper, we study business model that can minimize information security risk using IT governance in cloud computing environment. Especially, we propose the interaction model that link risk management for subject of information security governance. In our model, synergy means the effective, strategic and secure business support. And interaction analysis of BMIS's 4 elements and 6 dynamic interconnections is required. Therefore we propose interaction model which can link risk management based on COSO ERM or COBIT Risk IT Framework.

• Journal of Science and Technology Studies
• /
• v.3 no.1 s.5
• /
• pp.75-103
• /
• 2003

The technological risk has two major aspects. The one is technological aspect of the risk which consists of rules of nature and rational behaviors of humans. The other is social aspect of risk which consists of human values and nonrational and emotional behaviors of humans. So the technological risks should be called and treated as the technological and social risks. Because of these, not only technological professionals but also public people should have the chance to participate in the management of technological risks.

• Journal of Korean Library and Information Science Society
• /
• v.46 no.4
• /
• pp.325-354
• /
• 2015

Corporate information has great value, but also poses great risk. Information governance is an organization's coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. This study aims to suggest the directions of implementing information governance in business firms based on analyses of Sedona Conference Principles of Information Governance. After analysing and reformulating the principles into control standards, and they are investigated and interpreted in terms of practicing information governance.

• Journal of Technology Innovation
• /
• v.24 no.4
• /
• pp.159-191
• /
• 2016

In order to deal with uncertainty and conflicting interests in technological risk policy-making, various participatory decision-making models have been practiced. This participatory approach is an alterative to the traditional process of science and technology policy-making where scientific experts provide evidence and government officials make decisions. However, there still remain different opinions on who should play what kind of role in decision-making process. Therefore this paper examines the division of labour in the public deliberations for radioactive waste management policy carried out in the UK and Korea. It discusses the ways in which various actors are defined, and the rationales are employed for allocating actors to certain roles and participatory methods. In so doing, this paper unfolds the ways in which the participatory decision-making process for risk governance is delivered in real policy context. Similarities and differences revealed in the division of labour of two cases contribute to development of radioactive waste management policy and the policy instruments for risk governance.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.10 no.1
• /
• pp.81-94
• /
• 2015

The purpose of this study is to find ways to build a desirable risk governance to respond to these uncertainties like such as increased risk due to the rapid development of modern science and technology in S. Korea. This study is about model of risk communication with scientific technology for additional construction of nuclear power plants. This study analyzed risk communication with scientific technology through new explanatory models between approval opinions of scientific professional group and opposition opinions of the public with Kori nuclear power plant of S. Korea. And then This study investigated related system for policy promotion in the field of nuclear energy of the current S. Korea. Consequently, Governance to strengthen the negotiations on nuclear technology at the time of the interaction in risk communication have been identified and the future of policy direction of the Korean Standard Nuclear Power Plant was detected.

• Journal of Korean Society of societal Security
• /
• v.1 no.1
• /
• pp.69-79
• /
• 2008

Operational continuity is not a simple issue that can be solved by a Back-Up center or an alternate site. Strategic issues including law, standards, etc demand a new approach in terms of the operational continuity management (OCM). Also, it is necessary to develop a new framework of OCM governance as a part of the corporate governance. Experts from corporate governance insist that OCM can be included in the corporate operational control and so it is important to set up a strategy for OCM in the organization. This paper describes how OCM governance suggests two aspects of effectively controlling corporate risks in the viewpoint of corporate governance. First of all, the top corporate management develops the strategy of operational continuity with regard to the corporate governance. Secondly, there is the aspect of how to build up and manage the strategy of operational continuity in the corporations.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1724-1727
• /
• 2012

기업들은 ITIL 기반의 IT 서비스 관리체계 도입으로 IT 서비스에 대한 객관적인 가치 평가를 기대하고 도입한다. 하지만 기업들의 IT 서비스 관리체계의 성과지표들은 관리 중심적인 성과모델로써 가치 평가보다는 IT 운영 관리 중심으로 활용되고 있으며, IT 거버넌스의 전략적 의사결정을 위한 가치 연계와 책임 추적성, 성과 측정 및 위험 관리를 지원하지 못하고 있다. 가치 중심의 성과지표 모델을 통해 IT 거버넌스를 지원하고, 기업의 지속적이고 체계적인 투자관리를 통해 기업 가치 향상과 투명한 IT 투자에 기여하길 기대한다.

• Journal of Information Technology and Architecture
• /
• v.10 no.4
• /
• pp.451-466
• /
• 2013

기업들은 정보기술 리스크(IT Risk)에 대하여 어떻게 대처하고 있을까? 금융기관이나 공공기관은 태생적으로 이미 위험관리를 적극적으로 수행하고 있다. 정보기술에 대한 위험관리도 지난 10년동안 전산망 마비, 해킹 사고, 디도스 공격, 고객정보 유출 등을 겪으면서 적극적으로 대응해 왔다. 특히 2011년 농협사태는 IT 성과보다는 IT 보안을 훨씬 중요하게 보는 계기가 되었다. IT 보안 인력과 예산이 대폭 강화되고 망분리 사업이 추진되는 것이 대표적인 사례이다. 하지만 그동안 IT 위험관리는 특정 기술에 대한 사전 대응 및 사후 대응 강화에 집중되었다. 현재 IT 위험관리는 단편적 관리에서 종합적 관리로 전환되고 있다. 최근에 많은 기업들이 전사 차원의 정보기술 리스크 거버넌스(IT Risk Governance) 체계를 구축하고 있거나 구축하는 계획을 갖고 있다. 하지만 아직도 IT보안은 전사적으로 통합되지 못하였으며, IT 위험관리 프로세스는 조직에 내재화 되지 못 하였고, IT 성과관리와 연계성은 고려하지 못하고 있다. 본 논문에서는 IT 관리와 기술을 효과적으로 연계하기 위하여, 그리고 IT 성과와 IT 위험을 균형되게 관리하기 위하여 엔터프라이즈아키텍처(EA: Enterprise Architecture) 활용을 제안하고자 한다.