• Title/Summary/Keyword: Information Risks


A Study on Analysing Framework of Information Security Management Systems for Managing Business Risk (비즈니스 위험관리를 위한 정보보호제도 분석 프레임웍에 관한 연구)

  • Kim, Min-Sun
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.2 / pp.703-708 / 2010
  • Various information sources and the increasing vulnerabilities of information systems could increase the risks of a business. The successful management of business risks depends on an appropriate level of risks in business. Business risk management would be conducted in terms of financial risk management and information security management. The financial management and the information security management could not achieve an integrated business risk management. For developing the integrated business risk management, this study analyzes the various information security management systems such as ISMS, EA, ISO27001, COBIT, SPICE, Auditing. This study analyzes information security systems, which could be utilized in developing business risk management.

Virtual Network Embedding through Security Risk Awareness and Optimization

  • Gong, Shuiqing;Chen, Jing;Huang, Conghui;Zhu, Qingchao;Zhao, Siyi
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.7 / pp.2892-2913 / 2016
  • Network virtualization promises to play a dominant role in shaping the future Internet by overcoming the Internet ossification problem. However, due to the injecting of additional virtualization layers into the network architecture, several new security risks are introduced by the network virtualization. Although traditional protection mechanisms can help in virtualized environment, they are not guaranteed to be successful and may incur high security overheads. By performing the virtual network (VN) embedding in a security-aware way, the risks exposed to both the virtual and substrate networks can be minimized, and the additional techniques adopted to enhance the security of the networks can be reduced. Unfortunately, existing embedding algorithms largely ignore the widespread security risks, making their applicability in a realistic environment rather doubtful. In this paper, we attempt to address the security risks by integrating the security factors into the VN embedding. We first abstract the security requirements and the protection mechanisms as numerical concept of security demands and security levels, and the corresponding security constraints are introduced into the VN embedding. Based on the abstraction, we develop three security-risky modes to model various levels of risky conditions in the virtualized environment, aiming at enabling a more flexible VN embedding. Then, we present a mixed integer linear programming formulation for the VN embedding problem in different security-risky modes. Moreover, we design three heuristic embedding algorithms to solve this problem, which are all based on the same proposed node-ranking approach to quantify the embedding potential of each substrate node and adopt the k-shortest path algorithm to map virtual links. Simulation results demonstrate the effectiveness and efficiency of our algorithms.

Relationship between Characteristics of Accounting Firms and Audit Engagement Risks based on Bayesian Network (베이지안 네트워크를 기반으로 한 회계법인의 속성과 감사계약체결위험간의 관계)

  • Sun, Eun-Jung;Park, Sung-Jin
    • Management & Information Systems Review / v.36 no.1 / pp.1-19 / 2017
  • One of the methods of securing the reliability of accounting information is maintaining high audit quality. The first step of improving audit quality is lowering audit engagement risks. Thus, this study analyzed the relationship between the characteristics of accounting firms and audit engagement risks based on the Bayesian Network. For this, Markov Blanket, the minimum explanatory variable set, which affects audit engagement risks, was presented, and based on the drawn causal relationship, sensitivity analysis was conducted to verify the characteristics of accounting firms, which affect audit engagement risks. The existing preceding research that used multiple regression analysis presumes the linearity between explanatory variables and dependent variables, so there was a limit in drawing the relationship between explanatory variables. Therefore, this study figured out the interdependence between variables using the General Bayesian Network and examined the impact that each variable has finally on audit engagement risks that affects the audit quality. The results of this study would greatly contribute to improving the efficiency of the supervisory task by allowing a supervisory institution to identify an accounting firm that does not manage audit engagement risks properly and to improve the supervision of the accounting firms in advance. In addition, this study will be used as a reference when a supervisory institution would improve the system related to audit quality by presenting the characteristics of accounting firms related to the audit quality.

A Risk Classification Based Approach for Android Malware Detection

  • Ye, Yilin;Wu, Lifa;Hong, Zheng;Huang, Kangyu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.2 / pp.959-981 / 2017
  • Existing Android malware detection approaches mostly have concentrated on superficial features such as requested or used permissions, which can't reflect the essential differences between benign apps and malware. In this paper, we propose a quantitative calculation model of application risks based on the key observation that the essential differences between benign apps and malware actually lie in the way permissions are used, or rather the way their corresponding permission methods are used. Specifically, we employ a fine-grained analysis on Android application risks. We first classify application risks into five specific categories and then introduce comprehensive risk, which is computed based on the former five, to describe the overall risk of an application. Given that users' risk preference and risk-bearing ability are naturally fuzzy, we design and implement a fuzzy logic system to calculate the comprehensive risk. On the basis of the quantitative calculation model, we propose a risk classification based approach for Android malware detection. The experiments show that our approach can achieve high accuracy with a low false positive rate using the RandomForest algorithm.

The Effects of the Decrease in Inter-organizational Risks through IRCM on the Supply-chain Performance of a Firm (파트너 선택과 계약 체결을 통한 조직간 위험 감소가 공급망 성과에 미치는 영향)

  • Choe, Jong-Min
    • Management & Information Systems Review / v.36 no.2 / pp.187-206 / 2017
  • This study empirically investigated the direct and indirect effects of inter-organizational relationships control mechanisms (IRCM; prudent partner selection and complex contract) on the decrease of inter-organizational risks (i.e., relational risk and performance risk). The empirical results showed that prudent partner selection has a positive impact on the degrees of inter-organizational cooperation and the levels of inter-organizational information flow. The effects of complex contract on the inter-organizational cooperation and information flow were not significant. In the results of the decrease of inter-organizational risks, it was observed that inter-organizational cooperation has significant positive effects on the decrease of both relational risk and performance risk. It was found that partner selection only influences the decrease of performance risk. The impact of inter-organizational information flow on the decrease of inter-organizational risks was not statistically significant. The indirect effects of IRCM on the decrease of performance risk through inter-organizational cooperation were also empirically demonstrated. The significant impact of inter-organizational cooperation on the decrease of risks implies that high levels of collaborations among employees decrease the risk of opportunistic behavior as well as the possibility of low degrees of performance through cooperative efforts. According to the results of the effects of risks on supply-chain performance, only the impact of performance risk was negatively significant. This result points out that the low levels of performance cause delays in delivery and product launch, deterred production and delayed market response, and these deteriorated managerial activities necessarily decrease the degrees of supply-chain performance.

Effects of Cyberloafing on Cybersecurity Risks of Organizations: The Case of a Financial Institute (사이버로핑이 조직의 정보보호 리스크에 미치는 영향)

  • Hyunwoo Oh;Beomsoo Kim;Jaeyoung Park
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.813-826 / 2023
  • Organization members often use the Internet for non-work purposes during work hours, which is called cyberloafing. Certain types of cyberloafing (e.g., webhard, adult, and gambling sites access) can be a major cause of malware infection, which can ultimately generate significant damages to organizations. It therefore is important to examine the relationship between cyberloafing and cybersecurity risks of organizations. We analyzed log data from an internet filtering system of a financial institute and found that the more employees access blacklist sites, the higher the possibility of malicious code infection. In other words, cyberloafing increases cybersecurity risks of organizations. We suggest that organizations need to monitor and control their members' internet use in an appropriate way.

A study on the mitigation model development for minimizing the incidents of disk unit in information system's operational risks (디스크 장애예방을 위한 피해저감모델 개발에 관한 연구 - 정보시스템 운영리스크의 관점에서 -)

  • Hwang, Myung-Soo;Lee, Young-Jai
    • The KIPS Transactions:PartD / v.14D no.6 / pp.689-700 / 2007
  • Organizations and customers lose if business activities are discontinued by an incident of information systems under the current business environment because they pursue real time enterprise and on demand enterprise. The loss includes the intangible decline in brand image, customer separation, and the tangible loss such as decrease in business profits. Thus, it is necessary to have preparedness in advance and mitigation for minimization of a loss due to the business discontinuity and information system's operational risks. This paper suggests the mitigation model for minimizing the incidents of disk unit in information system's operational risks. The model will be represented by a network model which is composed of the following three items: (1) causes, attributes, indicators of an operational risk, (2) a periodic time through an analysis of historical data, (3) an index or a regulation related to the examination of causes of an operational risk.

The Effect of Exogenous Risks Upon the Choice of Real Options in ERP Projects in Korea: An Empirical Approach (ERP 프로젝트의 외생위험이 실물옵션 선택에 미치는 영향에 대한 실증 연구: 국내 ERP 프로젝트를 중심으로)

  • Nam, Seunghyeon;Kim, Taeha;Yang, Heedong
    • The Journal of Information Systems / v.22 no.3 / pp.43-58 / 2013
  • This work investigates factors that may affect the choice of real options by ERP project managers. Financial theory suggests that these factors include risk-free interest rate, time to maturity, volatility of net present value, and options exercise price. Other than these factors, we are interested in the exogenous risks related to external uncertainties about technological cost, user learning and consulting, and so forth and we argue these risks should have a significant impact upon the volatility of net present value. To validate these factors empirically, we collected survey questionnaires from ERP project managers in Korea. We find that perceived exogenous risks with regard to ERP projects influence volatility and additionally find that ERP project managers prefer contract options of the project when the volatility of the project is expected to be high. We expect that this work will not only validate theoretical propositions but help project managers consider ERP options strategically based on these factors.

Fraud Risk Management Model: A Content Analysis Approach

  • MADAH MARZUKI, Marziana;NIK ABDUL MAJID, Wan Zurina;AZIS, Nur Kamaliah;ROSMAN, Romzie;HAJI ABDULATIFF, Nik Kamaruzaman
    • The Journal of Asian Finance, Economics and Business / v.7 no.10 / pp.717-728 / 2020
  • The objective of this study is to explore the whole process of fraud risk management strategies that should be implemented by the organizations. Secondly, this study discusses the governance issues that arise at each stage of the process. For the purpose of this study, a content analysis of previous literatures is used as a technique for gathering data. This process usually involves codifying qualitative and quantitative information into pre-defined categories in order to derive patterns in the presentation and reporting of information. Based on our content analysis, we found that the fraud risk management process should be made of at least five stages which are inculcating the culture of managing risks in an organization, identifying the risks, evaluating the risks, determining preventive actions and implementing and reviewing stages. Our extended analysis of the fraud risk management process finds that a lot of governance issues arise in the fraud risk management process that should be solved by regulators and companies in order to ensure that fraud risk management process is embedded as corporate culture, not merely as a process. Among them are how to create the risk culture in an organization and whether auditors and risk management committees identify risks from each available source.

Suggestion for Collaboration-Based UI/UX Development Model through Risk Analysis

  • Cho, Seong-Hwan;Kim, Seung-Hee
    • Journal of Information Processing Systems / v.16 no.6 / pp.1372-1390 / 2020
  • An attractive user interface (UI) design with a clear user experience (UX) is the key for the success of applications. Therefore software development projects require very close collaboration between SI developers and front-end service developers. However, methodologies for software development only exist with inadequate development processes or work standards for collaboration. This survey derived 13 risk factors in developing UI/UX from 113 risk factors of IT projects through a questionnaire and factor analysis and proposed a collaboration-based UI/UX development model that can eliminate or mitigate six risks with high weights and reliability. To extract risk factors with high reliability, factor and reliability were analyzed to extract 13 major risks, and based on the expert opinions and the results of correlation analysis, UI/UX development stages were classified into planning, design, and implementation. The causal relationships between risks were verified through regression analysis. This study is the first to expertly analyze major risks based on collaboration in UI/UX development and derive a theoretical basis that can be used in project risk management. These findings are expected to provide a basis for research on development methodologies for higher levels of front-end services and to construct rational collaboration systems between SI practitioners and front-end service providers.