• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• Information Systems Review
• /
• v.19 no.1
• /
• pp.147-168
• /
• 2017

We investigated perceptual similarity and the difference between client and vendor in information technology (IT) outsourcing projects. Specifically, we focused on each player's perception of how the fit of governance and peripheral knowledge affects the performance of IT project outsourcing. For 107 IT projects, we surveyed both client and vendor in the same IT projects and compared the responses of each side. Through a dyadic analysis, we first found that both client and vendor put more weight on the vendor's peripheral knowledge than that of the client as a positive influencer of project performance. However, regarding the governance style of an IT project, client and vendor showed completely different perspectives. The client believed that the vendor's peripheral knowledge positively contributes to the performance of IT project under the governance of outcome control. However, the vendor showed that its peripheral knowledge creates synergy effects under the governance of process control. Our interpretation of the perceptual similarity and difference between client and vendor delivers managerial implications for businesses that process IT projects.

• International Journal of Contents
• /
• v.15 no.2
• /
• pp.38-43
• /
• 2019

Recently, bottom-up information systems (BUIS), developed according to the requirements of individual user departments, have become popular. However, effective management of BUIS projects is not enough, with many organizations having experienced integration challenges with such individual projects. BUIS projects are relatively small and limited in scope, as opposed to the large, complex systems developed through traditional top-down information system development projects. Due to these differences in characteristics, the control modes as well as the aspects to improve development performance in each type of project are also different. Therefore, it is difficult to apply the results of prior research on control in system development projects to improve BUIS project performance. The purpose of this study is to derive a new theory of control to improve BUIS project performance. The results contribute to the improvement of firm performance through effective control of BUIS projects in modern enterprises.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.8
• /
• pp.35-43
• /
• 2015

Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.9
• /
• pp.4742-4770
• /
• 2019

Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2003.05a
• /
• pp.366-376
• /
• 2003

Recently, market size for IT outsourcing has grown. As internet technology has been developed for accessing information resources, information systems have become internet-based, which is called an ASP(Application Service Provider); evaluating the performance fur ASP becomes important. Therefore, this paper attempts to investigate the salient characteristics of ASP An ASP success model is proposed based on information systems success models found in the literature. Our model is tested through a survey from 291 small companies. LISREL is used to demonstrate the suitability of our model, and the success factors for ASP are also investigated. Our result is likely to help provide useful guidelines for successful ASP implementation.

• Journal of Information Technology and Architecture
• /
• v.9 no.1
• /
• pp.43-55
• /
• 2012

In recent years, outsourcing of information systems, including decision support systems has become a key method for managing the system portfolio of a corporation. Since the outsourced DSSs provide their own models and solvers, which may be created on the basis of different modeling practices and system platforms, the decision maker wishing to solve business problems using the outsourced DSSs frequently faces a difficulty in selecting and/or applying appropriate models and solvers to the problems on hand. This paper proposes a DSS outsourcing architecture that enables a user to discover and execute appropriate models and solvers, even though the user is not knowledgeable enough about all the details of the models and solvers. Specifically, this paper adopts a Web services approach to integrate the heterogeneous models and solvers by encapsulating individual models and solvers as Web services and hiding all system specific implementation details from the users.

• Journal of Information Technology Application
• /
• v.3 no.4
• /
• pp.19-42
• /
• 2001

In this study, we surveyed information systems(IS) personnel in organizations which have adopted customer relationship management(CRM) systems (Group one IS personnel), those in organizations which plan to adopt CRM systems(Group two IS personnel), and IS consultants specialized in the CRM. We found that there are significant perception gaps among the three groups of IS practitioners in regard to the three aspects of CRM systems: the effects of CRM systems, critical success factors of CRM systems introduction, and the pros and cons of outsourcing a CRM system by the application service providers(ASP). The results reveal that Group one IS personnel evaluate the effectiveness of their CRM systems as moderate, while IS consultants evaluate the effectiveness of CRM systems very high and that Group two IS personnel expect the effectiveness of CRM systems to be as high as the evaluation of IS consultants. IS personnel evaluated the advantages of outsourcing CRM systems by ASP to be moderate while IS consultants evaluated it to be high. The results also show that the adoption of CRM systems is initiated by strong leadership of the top management but is not supported adequately by management thereafter.

• Information Systems Review
• /
• v.8 no.3
• /
• pp.175-200
• /
• 2006

Application service provider(ASP) model is emerging as a new form of application outsourcing. ASP model may be attractive for small companies and even some medium-sized companies because these companies lack appropriate resources and technical expertise to develop and operate their information system. However, studies of ASP model have so far been neglected. Service quality is argued to be a crucial success factor for ASP, but yet there is not an empirically validated instrument for measuring ASP service quality. Therefore, this paper aims to develop and test a model for measuring ASP service quality. In order to accomplish these, SERVQUAL that has developed in marketing area were adapted to the context of this study. The research sample was designed by randomly selecting 300 different companies from the database that listed up the small companies participating in "ASP based e-business project for small enterprises". 240 usable responses were received by interview. The results are that reliability and tangibility impact user performances and satisfaction more than any of the service quality dimensions.

• 한국IT서비스학회:학술대회논문집
• /
• 2003.05a
• /
• pp.137-144
• /
• 2003

최근의 기업 환경은 고객욕구의 빠른 변화, 글로벌 경쟁의 격화와 급격한 정보기술의 발전으로 변화의 속도가 가속화하면서, 경영의 위기와 기회를 동시에 맞고 있다. 이러한 환경 속에서 기업의 핵심역량 강화와 경쟁우위를 위하여 필요한 정보기술을 어떻게 빨리 확보해서 활용하느냐가 매우 중요한 관건이 다. 종전에 는 이를 기업 내부에서 수행했으나, 요즈음은 외부 전문 업체에게 아웃소싱을 하는 추세이다. 이에 따라 국내 기업의 정보시스템 아웃소싱의 사례 연구를 통하여 아웃소싱의 위험 요소와 문제에 대한 방안을 제시하고자 한다.