• 한국정보과학회논문지:정보통신
• /
• 제29권6호
• /
• pp.674-684
• /
• 2002

기존 침입탐지시스템에서는 구현의 용이성 때문에 오용침입탐지 기법이 주로 사용되었지만, 새로운 침입에 대처하기 위해서는 궁극적으로 비정상행위탐지 기법이 요구된다. 그 중 HMM기법은 생성메커니즘을 알 수 없는 이벤트들을 모델링하고 평가하는 도구로서 다른 침입탐지기법에 비해 침입탐지율이 높은 장점이 있다. 하지만 높은 성능에 비해 정상행위 모델링 시간이 오래 걸리는 단점이 있는데, 본 논문에는 실제 해킹에 사용되고 있는 다양한 침입패턴을 분석하여 권한이동시의 이벤트 추출방법을 이용한 모델링 기법을 제안하였고 이를 통하여 모델링 시간과 False-Positive 오류를 줄일 수 있는 지 평가해 보았다. 실험결과 전체 이벤트 모델링에 비해 탐지율이 증가하였고 시간 또한 단축됨을 알 수 있었다.

• The Journal of Asian Finance, Economics and Business
• /
• 제7권8호
• /
• pp.269-280
• /
• 2020

The study investigates Environmental Accounting Information (EAI) as well as factors affecting the environmental accounting implementation by the construction firms listed on the Ho Chi Minh Stock Exchange (HOSE), Vietnam. After eliminating seven enterprises that lacked data, the authors selected a sample of 112 observations from 28 construction businesses listed on the Ho Chi Minh Stock Exchange in the period 2015-2018. This study uses research data extracted from the companies' annual reports. Then, the data are analyzed by Stata 13 software, including descriptive statistics, correlation coefficient analysis, regression analysis of table data using estimation methods (Pooled OLS, REM, FEM), and testing of model defects (heteroskedasticity test, multicollinearity test, autocorrelation test). The results show that construction companies listed on the Ho Chi Minh Stock Exchange have out factors affecting the environmental accounting implementation by these enterprises, including independent audit firm and listed time. While the independent auditor firm has a positive and significant impact, the listed time has a negative influence. In addition, our study has confirmed the role of institutional factors affecting the disclosure level of EAI on the implementation of environmental accounting by construction enterprises listed on the Ho Chi Minh Stock Exchange.

• 한국IT서비스학회지
• /
• 제13권3호
• /
• pp.343-357
• /
• 2014

As science and technology infiltrates every aspects of modern society in terms of economic and social growth and development, funding for research and development (R&D) is growing rapidly. Republic of Korea is not an exception in this trend and the R&D funding in Korea has been grown about 10% every year, recently. However, as the scope and size of funding grows exponentially, need for monitoring and managing these R&D projects becoming more and more imminent. Though different types of project management systems were developed by a variety of agencies and departments and used in monitoring and managing, these systems were developed as standalone silo type systems. These systems are not connected to each other while the same researchers may involved in different projects across agencies and department. Also, these management systems are not linked to the banking systems in which real transactions of funding occurs, such as cost reimbursement and financial audit of each R&D accounts. Historically, a few fraud and malappropriation cases were found and indicted. However, as the number of these incidents grows along with the growth of R&D funding, a large scale integration/linking of project management systems and banking systems. Realizing the importance of systems integration among agencies as well as with the banking systems, situational requirements analyses were conducted concerning the current state of R&D management system. As a results, a Real-time Case Management System (RCMS) was proposed as a solution to current problems. In this paper, the collected systems requirements were documents with analyses of the situation, the architecture of the integrated systems with more user-friendly technological alternatives. This large scale linkage requires interface standardization as well as modularization of interfaces. Proposed systems architecture is introduced here with technical details of Jex Framework used,, followed by resulting technical and economic performance of the Realtime Cashflow Management System (RCMS).

• 한국정보과학회논문지:시스템및이론
• /
• 제32권6호
• /
• pp.279-287
• /
• 2005

파일 무결성 검사는 시스템 자원의 안정성 여부를 판단할 수 있는 가장 확실한 방법이지만, 관리자의 경험과 능력에 따라 검사 시간과 효과에 많은 차이가 있을 수 있다. 따라서 가능한 빠른 대웅을 필요로 하는 침입 복구 및 대웅 시스템에 바로 사용하기에는 적합하지 않으며, 또한 손상 자원의 복구에 필요한 자원의 상태 정보는 수집 가능하지만 침입을 차단하기 위해 필요한 침입 행위 주체에 대한 정보는 수집할 수 없다. 본 논문에서는 위의 두 가지 문제를 해결하기 위해 시스템 호출 감시와 파일 무결성 검사를 연동하여 실시간으로 파일의 무결성을 검사하는 rtIntegrit을 제안한다. rtIntegrit은 Syswatcher라는 시스템 호출 검사 도구를 사용하여 요청된 행위를 항상 감시한다. 만약 지정된 파일에 이상 동작이 나타나면 이의 변화에 대하여 실시간으로 무결성 검사를 수행하도록 하고, 해당 관련된 프로세스의 정보를 수집하고 보고함으로서 침입 차단에 활용하게 한다. 또한 IDMEF 형식의 표준으로 감사 자료를 생성하여, 침입 대웅 및 복구 시스템들과 쉽게 연계할 수 있다.

• 정보처리학회논문지C
• /
• 제10C권2호
• /
• pp.145-154
• /
• 2003

네트워크 수준에서 정보보호를 위한 침입차단 시스템과 침입탐지 시스템은 조직 내의 컴퓨터 서버 보안 대책으로는 그 한계를 갖고 있다. 이에 따라 보안 운영체제(Secure OS)에 관한 필요성이 점차 사회적으로 공감대를 형성하고 있다. 본 논문에서는 보안 운영체제의 요구사항과 최근 보급되고 있는 리눅스 운영체제의 커널 수준에서의 보안 연구동향을 살펴보고, 본 연구팀에서 구현한 다중등급 보안 리눅스 커널을 주요 기능 중심으로 기술하고 시험 평가로서 접근제어, 성능 및 해킹 시험을 실시하여 안전성을 입증하였다. 이 보안 커널 기반의 리눅스 운영체제는 TCSEC Bl급에서 요구하는 기준 기능 외에 해킹 차단, 실시간 감사 추적, root의 권한 제한, 통합보안관리 등의 추가적 기능을 제공한다.

• The Journal of Asian Finance, Economics and Business
• /
• 제7권12호
• /
• pp.389-395
• /
• 2020

Earnings management is a matter of concern for organizations because it affects the interests of stakeholders. This reduces the quality of information on financial statements of the organizations when the organization performs earnings management behavior. The objective of the article is to examine the impact of corporate governance on earnings management of all Vietnamese listed banks from 2015 to 2019. The article uses time-series data and ordinary least square (OLS) with Eviews 10.0 software to test the regression model. The agency and asymmetry information theory is used to explain the relationship between corporate governance and earnings management. The study results show that two variables - the foreign members of the board of directors and audit committee - have an opposite effect on earnings management behavior of Vietnamese listed banks. Therefore, the managers of listed banks need to raise awareness to express responsibility for honest and reasonable information on the financial statements. This creates trust and credibility for stakeholders. Moreover, Central bank of Vietnam should monitor regularly and enforce strict sanctions to limit earnings management behavior of listed banks. This contributes to improving the quality of accounting information in the Vietnamese banking sector to meet the trend of international economic integration.

• 통상정보연구
• /
• 제11권4호
• /
• pp.289-312
• /
• 2009

Under the circumstance of increasing international trade volumes and limitation of customs human resources, it is necessary to shift the customs' revenue collection activities and audit method from a transaction-based approach to an account-based approach. Thus, in 1997, U.S. Customs services established the Account Management Program. The Account Management Program is designed to increase importer compliance and improve customer service through one-on-one interaction with business entities and a designated Customs representative(Account Manager). The Account Management Program is a comprehensive process that includes the following stages and activities ; selection of a potential Account, establishment of the Account, management of the Account. In 2009, Korea Customs service introduced and executed the Account Management Program. But owing to its early stages, Korea Customs service does not suggest effective direction of development of the AM program. So I can propose the following improvements of the Account Management Program in Korea. Firstly, the Account Managers have to be assigned more traders than AEOs(Authorized Economic Operators). Secondly, it is necessary that Customs service appoints part-time port Account Managers to help more traders to improve customs compliance. Thirdly, thought should be given as to Account can be expanded to encompass both small and medium enterprises(SME) by providing customs brokers managing their customs business on the behalf of the SME with the Account Managers. Lastly, Customs service has to establish performance measures and action plan for the Account Management Program.

• 한국IT서비스학회지
• /
• 제15권3호
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• 한국융합학회논문지
• /
• 제5권4호
• /
• pp.93-99
• /
• 2014

클라우드 컴퓨팅은 인터넷 기술을 활용하여 IT자원을 필요한 만큼 빌려서 사용하고 서비스 부하에 따라서 실시간 확장성을 지원받으며 사용한 만큼 비용을 지불하는 컴퓨팅 기술을 말한다. 클라우드 컴퓨팅의 핵심기술인 가상화는 서버, 스토리지 및 하드웨어 등을 분리된 시스템이 아닌 하나의 영역으로 간주하여 자원을 필요에 따라 할당하는 기술이다. 그러나 가상화 환경에서 필요로 하는 보안 메커니즘은 하나의 서버 내부가 아닌 서버 간의 트래픽을 모니터링 하도록 설계되어 있고 기본 수준의 가시성, 통제성 및 감사 기능을 갖는 기존 보안 메카니즘으로는 대응하기 어려운 상황이다. 본 논문에서는 클라우드 컴퓨팅 환경에서 가상화 기술의 보안 취약점을 분석하고 이를 토대로 가상화 기술과 관련된 하이퍼바이저 보안 및 게스트 OS 보안 권고 사항을 제시하고자 한다.

• 한국건축시공학회지
• /
• 제8권1호
• /
• pp.97-102
• /
• 2008

The report of the Korean Board of Audit and Inspection(BAI) on May 2007 indicates the problems of Life Cycle Cost (LCC) analysis and evaluation in the Design-Build(Turn-Key) and alternative bidding system. The point which the report indicates is that the cost estimation system for LCC analysis has nothing in common each other and there's no consistency among the repair cycle and ratio per facilities parts. For solving these problems, BAI demands the establishment of the guidelines for LCC analysis and evaluation from the competent authority Korean Ministry of Construction And Transportation(MOCT). The objective of this study is to develop the improvement directions for LCC analysis and evaluation which are suitable to the public construction projects especially for the Design-Build and alternative bidding system in Korea. For this study, the LCC related raws and regulations, LCC analysis guidelines of public cooperations, actual condition of LCC analysis and evaluation which include, the elements of LCC, the estimation rules of the initial cost and the maintenance cost, the analysis standards of time value of money, etc. are investigated to provide the improvement directions for LCC analysis and evaluation.