• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1339-1350
• /
• 2019

Ransomware is a malicious software which requires money to decrypt files that were encrypted. As the number of ransomware grows, the encryption process in ransomware has been more sophisticated and the strength of security has been more stronger. As a result, analysis of ransomware becomes more difficult and the number of decryptable ransomware is getting smaller. So, research on encryption process and decryption method of ransomware is necessary. In this paper, we show encryption processes of 5 ransomwares which were revealed in 2019, and analyze whether or not those ransomwares are decryptable.

• The Journal of Society for e-Business Studies
• /
• v.27 no.2
• /
• pp.137-152
• /
• 2022

Consumers' enhanced intention to adopt the Mydata service or their voluntary provision of personal information is a very essential element in the stable growth of the Mydata industry along with the creation of corporate values. The growing leakage of customer information according to the rising value of data can have negative impacts on the use of Mydata service and shrink quality custom service needs based on the personal information provided by financial consumers. This study set out to identify security risks that financial consumers could recognize and security factors that could supplement them and investigate the effects of these security factors on consumers' intention to adopt the Mydata service, thus providing useful implications for increasing the acceptance of financial consumers and finding a strategy to expand safe utilization. The findings raise a need to guarantee the stability and transparency of information provided by customers as information subjects, and they should be essential requirements for the Mydata service. The security factors applied to guarantee them should include convenience in terms of financial service.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.4
• /
• pp.45-64
• /
• 2017

The Purpose of this Study is to find out the Implications of the Information Security Activities of Financial Companies on the Confidence of the Information Security Officers and to find Academic and Practical Implications to Supplement the Insufficiencies. As a Result, it was Confirmed that the Information Security Officer's Confidence in Information Security for Companies and the Level of Information Security Awareness of the Employees are Increased when Financial Companies Conduct Information Protection Activities Focusing on Information Security Education, Security Incident Responses and In/Out Security.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.193-201
• /
• 2017

Financial firms strengthen to protect personal information from the leakage, introducing various security solutions such as print output security, internet network Isolation system, isolationg strorage of customer information, encrypting personal information, personal information detecting system, data loss prevention, personal information monitoring system, and so on. Financial companies are also entering the era of cutthroat competition due to accept of the new channels and the paradigm shift of financial instruments. Accordingly, The needs for security for customer information held by financial firms are keep growing. The large security accidents from the three card companies on January 2014 were happened, the case in which one of the outsourcing personnel seized customer personal information from the system of the thress card companies and sold them illegally to a loan publisher and lender. Three years after the large security accidents had been passed, nevertheless the security threat of the IT outsourcing workforce still exists. The governments including the regulatory agency realted to the financail firms are conducting a review efforts to prevent the leakage of personal information as well as strengthening the extent of the sanction. Through the analysis on the application of security policy for outsourcing personnel in case of large-scale Financial IT projects and the case study of appropriate security policies for security compliance, the theis is proposing a solution for both successfully completing large-scale financial IT Project and so far as possible minizing the risk from the security accidents by the outsouring personnel.

• Korean System Dynamics Review
• /
• v.16 no.4
• /
• pp.31-50
• /
• 2015

The purpose of this research is to understand a structural relationship between financial regulations and security industry based on the systems thinking perspective using causal loop analysis. As a result, the positive regulations on security technology against finance security incidents shrink the autonomy of the security industry and will deteriorate the competitiveness of the security industry through the unknown feedback loop. The conclusion provides the direction that policy makers understand causal loop diagram related current regulations and open enough to the consideration of the negative regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.173-179
• /
• 2015

Financial fraud such as phishing have passed several years from the occurrence, in spite of the widely known through the media, regardless of the social status or age, financial fraud has occurred on an ongoing basis, the damage is not reduced. The fraud account, the person who made the account, the user is different, it is possible to avoid tracking financial channel, and is used as a receiving means for fraud money of various crimes. Efforts of financial institutions and financial supervisory institutions, it has been promoted by preparing various measures for the eradication of fraud account so far been used as a means of financial crime, the proliferation of financial fraud, opening and distribution of fraud account is a receiving means for fraud money are also increasing continuously, it is necessary to take countermeasures. In spite of the continuous crackdown of financial institutions and financial supervisory institutions, it is causing serious damage to society, analyzes the current situation of fraud account, to present an effective and aggressive countermeasure of financial institutions in this paper.

• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.119-134
• /
• 2014

Financial companies are providing electronic financial transactions through a variety of user terminals for non-face-to-face services such as Internet banking, smart phone banking, or etc. However, in these services users' security awareness and the limitations of technical responses has frequently caused the financial loss so that fundamental protection measures are required from financial authorities. Accordingly, financial industry is planning and establishing systems that block unusual financial transactions by comprehensively analyzing and detecting user's electronic information, access information, transaction information, and so on in accordance with "Guide for building Unusual financial transactions detection system" to prevent the financial loss that happens in electronic financial transactions. In this paper, we analyze case studies of unusual financial transactions detection and prevention system that is built and operated in financial companies and current operating status and propose effects of the accident prevention and security measures later.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.39-46
• /
• 2022

The article is devoted to clarifying current trends in the digitalization of financial services. To this end, the evolution of this process in the financial sector was studied and six stages of its development were identified. The components of successful implementation of digitalization in the field of financial services and its tasks are outlined. It was found that fintech companies, which work to achieve effective interaction between the financial sector and innovative technologies in the use of mobile applications in order to most fully and quickly meet the needs of customers with financial services, are of great importance for the formation and development of digitalization in financial services. Current trends in the digitalization of financial services in Ukraine based on the use of fintech in general and banking institutions in particular are presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.339-346
• /
• 2018

Ransomware is a malicious program that requires money by encrypting data. The damage to ransomware is increasing worldwide, and targeted attacks for corporations, public institutions and hospitals are increasing. As a ransomware is serviced and distributed, its various usually emerge. Therefore, the accurate analysis of ransomware can be a decryption solution not only for that ransomware but also for its variants. In this paper, we analyze a cryptographic elements and encryption process for Erebus found in June, 2017, and investigate its cryptographic vulnerability and memory analysis.