• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.674-684
• /
• 2002

Anomaly detection techniques have teen devised to address the limitations of misuse detection approach for intrusion detection. An HMM is a useful tool to model sequence information whose generation mechanism is not observable and is an optimal modeling technique to minimize false-positive error and to maximize detection rate, However, HMM has the short-coming of login training time. This paper proposes an effective HMM-based IDS that improves the modeling time and performance by only considering the events of privilege flows based on the domain knowledge of attacks. Experimental results show that training with the proposed method is significantly faster than the conventional method trained with all data, as well as no loss of recognition performance.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.8
• /
• pp.269-280
• /
• 2020

The study investigates Environmental Accounting Information (EAI) as well as factors affecting the environmental accounting implementation by the construction firms listed on the Ho Chi Minh Stock Exchange (HOSE), Vietnam. After eliminating seven enterprises that lacked data, the authors selected a sample of 112 observations from 28 construction businesses listed on the Ho Chi Minh Stock Exchange in the period 2015-2018. This study uses research data extracted from the companies' annual reports. Then, the data are analyzed by Stata 13 software, including descriptive statistics, correlation coefficient analysis, regression analysis of table data using estimation methods (Pooled OLS, REM, FEM), and testing of model defects (heteroskedasticity test, multicollinearity test, autocorrelation test). The results show that construction companies listed on the Ho Chi Minh Stock Exchange have out factors affecting the environmental accounting implementation by these enterprises, including independent audit firm and listed time. While the independent auditor firm has a positive and significant impact, the listed time has a negative influence. In addition, our study has confirmed the role of institutional factors affecting the disclosure level of EAI on the implementation of environmental accounting by construction enterprises listed on the Ho Chi Minh Stock Exchange.

• Journal of Information Technology Services
• /
• v.13 no.3
• /
• pp.343-357
• /
• 2014

As science and technology infiltrates every aspects of modern society in terms of economic and social growth and development, funding for research and development (R&D) is growing rapidly. Republic of Korea is not an exception in this trend and the R&D funding in Korea has been grown about 10% every year, recently. However, as the scope and size of funding grows exponentially, need for monitoring and managing these R&D projects becoming more and more imminent. Though different types of project management systems were developed by a variety of agencies and departments and used in monitoring and managing, these systems were developed as standalone silo type systems. These systems are not connected to each other while the same researchers may involved in different projects across agencies and department. Also, these management systems are not linked to the banking systems in which real transactions of funding occurs, such as cost reimbursement and financial audit of each R&D accounts. Historically, a few fraud and malappropriation cases were found and indicted. However, as the number of these incidents grows along with the growth of R&D funding, a large scale integration/linking of project management systems and banking systems. Realizing the importance of systems integration among agencies as well as with the banking systems, situational requirements analyses were conducted concerning the current state of R&D management system. As a results, a Real-time Case Management System (RCMS) was proposed as a solution to current problems. In this paper, the collected systems requirements were documents with analyses of the situation, the architecture of the integrated systems with more user-friendly technological alternatives. This large scale linkage requires interface standardization as well as modularization of interfaces. Proposed systems architecture is introduced here with technical details of Jex Framework used,, followed by resulting technical and economic performance of the Realtime Cashflow Management System (RCMS).

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.6
• /
• pp.279-287
• /
• 2005

File integrity checking is the most reliable method to examine integrity and stability of system resources. It is required to examine the whole data whenever auditing system's integrity, and its process and result depends on administrator's experience and ability. Therefore the existing method is not appropriate to intrusion response and recovery systems, which require a fast response time. Moreover file integrity checking is able to collect information about the damaged resources, without information about the person who generated the action, which would be very useful for intrusion isolation. In this paper, we propose rtIntegrit, which combines system call auditing functions, it is called Syswatcher, with file integrity checking. The rtlntegrit can detect many activities on files or file system in real-time by combining with Syswatcher. The Syswatcher audit file I/O relative system call that is specified on configuration. And it can be easily cooperated with intrusion response and recovery systems since it generates assessment data in the standard IDMEF format.

• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.145-154
• /
• 2003

Current security efforts provided in such as firewall or IDS (intrusion detection system) of the network level suffer from many vulnerabilities in internal computing servers. Thus the necessity of secure OS is especially crucial in today's computing environment. This paper identifies secure OS requirements, analyzes tile research trends for secure Linux in terms of security kernel, and provides the descriptions of the multi-level security(MLS) Linux kernel which we have implemented. This security kernel-based Linux meets the minimum requirements for TCSEC Bl class as well providing anti-hacking, real-time audit trailing, restricting of root privileges, and enterprise suity management functions.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.12
• /
• pp.389-395
• /
• 2020

Earnings management is a matter of concern for organizations because it affects the interests of stakeholders. This reduces the quality of information on financial statements of the organizations when the organization performs earnings management behavior. The objective of the article is to examine the impact of corporate governance on earnings management of all Vietnamese listed banks from 2015 to 2019. The article uses time-series data and ordinary least square (OLS) with Eviews 10.0 software to test the regression model. The agency and asymmetry information theory is used to explain the relationship between corporate governance and earnings management. The study results show that two variables - the foreign members of the board of directors and audit committee - have an opposite effect on earnings management behavior of Vietnamese listed banks. Therefore, the managers of listed banks need to raise awareness to express responsibility for honest and reasonable information on the financial statements. This creates trust and credibility for stakeholders. Moreover, Central bank of Vietnam should monitor regularly and enforce strict sanctions to limit earnings management behavior of listed banks. This contributes to improving the quality of accounting information in the Vietnamese banking sector to meet the trend of international economic integration.

• International Commerce and Information Review
• /
• v.11 no.4
• /
• pp.289-312
• /
• 2009

Under the circumstance of increasing international trade volumes and limitation of customs human resources, it is necessary to shift the customs' revenue collection activities and audit method from a transaction-based approach to an account-based approach. Thus, in 1997, U.S. Customs services established the Account Management Program. The Account Management Program is designed to increase importer compliance and improve customer service through one-on-one interaction with business entities and a designated Customs representative(Account Manager). The Account Management Program is a comprehensive process that includes the following stages and activities ; selection of a potential Account, establishment of the Account, management of the Account. In 2009, Korea Customs service introduced and executed the Account Management Program. But owing to its early stages, Korea Customs service does not suggest effective direction of development of the AM program. So I can propose the following improvements of the Account Management Program in Korea. Firstly, the Account Managers have to be assigned more traders than AEOs(Authorized Economic Operators). Secondly, it is necessary that Customs service appoints part-time port Account Managers to help more traders to improve customs compliance. Thirdly, thought should be given as to Account can be expanded to encompass both small and medium enterprises(SME) by providing customs brokers managing their customs business on the behalf of the SME with the Account Managers. Lastly, Customs service has to establish performance measures and action plan for the Account Management Program.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Journal of the Korea Institute of Building Construction
• /
• v.8 no.1
• /
• pp.97-102
• /
• 2008

The report of the Korean Board of Audit and Inspection(BAI) on May 2007 indicates the problems of Life Cycle Cost (LCC) analysis and evaluation in the Design-Build(Turn-Key) and alternative bidding system. The point which the report indicates is that the cost estimation system for LCC analysis has nothing in common each other and there's no consistency among the repair cycle and ratio per facilities parts. For solving these problems, BAI demands the establishment of the guidelines for LCC analysis and evaluation from the competent authority Korean Ministry of Construction And Transportation(MOCT). The objective of this study is to develop the improvement directions for LCC analysis and evaluation which are suitable to the public construction projects especially for the Design-Build and alternative bidding system in Korea. For this study, the LCC related raws and regulations, LCC analysis guidelines of public cooperations, actual condition of LCC analysis and evaluation which include, the elements of LCC, the estimation rules of the initial cost and the maintenance cost, the analysis standards of time value of money, etc. are investigated to provide the improvement directions for LCC analysis and evaluation.