• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4226-4241
• /
• 2014

Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.5
• /
• pp.110-119
• /
• 2007

In an extended enterprise, there is a shift to shared services, cosourcing and outsourcing, and extending out to partners, suppliers, and customers to accomplish business objectives more effectively. Along with this critical need, executives should be aware of the need to focus on optimizing the value of their information technology and reducing the related risks. So IT governance is critical, and many companies including spin-off venture are providing IT governance solution, but very little is known about brand management and marketing strategy of IT governance solution provider. The purpose of this study is to investigate brand positioning of IT governance solution company focusing on spin-off venture. The results of this study are summarized as follows. First, brand management is needed in the spin-off venture. second, IT governance solution companies including spin-off venture must provide something more than functional value. That is, they actively seek to emotional or symbolic value for their customers.

• Journal of the Korean Data and Information Science Society
• /
• v.21 no.2
• /
• pp.251-262
• /
• 2010

While outsourcing has become a basic strategy of the information system adoption, there is an emerging needs to analyze the gap between the required data and the existing data for the new system from an adopting company's perspective. In CRM adoption failure cases, the first reason is adopting company pay no attention to the data that will support investment and systems. So far, there is no attempt to consider data driven approach in information system adoption field. Hence, we propose Information System Adoption Model based on Data (ISAMD) and show how to use in real world by simulation. By using ISAMD, information system adoption decision maker can simulate the needed data and related cost with various information system alternatives in short term, and long term planning. ISAMD can prevent the possible threat of unexpected data cost in adopting new system at the adopting decision stage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• Information Systems Review
• /
• v.4 no.1
• /
• pp.19-31
• /
• 2002

The JTEL's success case of implementing ERP through ASP is studied in this paper. This paper especially presents the detail processes of implementing ERP through ASP and the advantages of that. Critical success factors in this case study are that pre-prepared ERP template and repetitive prototyping methodology was successfully utilized and that end users involved positively and accepted the standard best-practice processes of the ERP template in this project. These factors reduced ERP training periods and also the whole implementation periods, which made the project time quite short and TCO less. Considering these success factors, ASP method provides the advantages of global e-business IT environment, continuous new IT technologies and flexible response to the business changes to the small and medium firms. Finally, the paper suggests the new direction and possibility for small and medium firms focusing on the core competency and utilizing new system infrastructure through ASP method compared with in-house implementation.

• International Commerce and Information Review
• /
• v.14 no.4
• /
• pp.563-582
• /
• 2012

In this paper, UPnP Network SaaS model has been studied. Currently, this model of UPnP Network and the trade mission is being used by outsourcing. From now on, the introduction of new trading systems and existing systems and the commercialization of this model as a UPnP network service connection should work. The future of UPnP network SaaS model will become commercially available software, commercial software can be accessed remotely via the Internet should be. Customer site activities must be managed from a central location. Application software architecture, pricing, partnerships, management should not include the character models. N should be the model. When used in small and medium enterprises have a very high value.

• 한국경영정보학회:학술대회논문집
• /
• 2007.11a
• /
• pp.129-135
• /
• 2007

IT에 대한 의존도와 그에 따른 투자 비용이 증가함에 따라 IT거버넌스에 대한 관심이 높아지고 있는 추세이다. 또한 IT아웃소싱 시장의 확대, 계약 규모의 증가로 인해 IT 아웃소싱의 효과적인 운영에 대한 관심도 또한 높아지게 되면서 IT 서비스 제공을 위한 표준 등 프로세스를 기반으로 한 IT 서비스 관리가 주요 이슈로 떠올랐다. 본 연구는 국내 SI업체 V공급사와 그의 4개의 고객사를 대상으로 고객사와 공급사의 IT거버넌스 및 IT 서비스 관리에 대한 인식에 따른 IT아웃소싱 성공을 평가하였다. 자료의 수집은 IT거버넌스와 IT서비스 관리 프로세스 부문에 대해서는 관련 전문가(key informant)들을 대상으로 인터뷰와 설문을 통해 이루어졌고, IT아웃소싱 성공 평가는 고객사의 사용자(end user)를 대상으로 설문하여 약 200개의 데이터를 확보하였다. 그 결과 IT거버넌스와 IT 서비스 관리 성숙도가 IT아웃소싱 성과에 영향을 끼치는 것으로 나타났으며, IT 아웃소싱 성과를 평가하는 차원들끼리도 전체 만족도에 대해 영향을 미치는 것으로 조사되었다. 본 연구는 IT거버넌스와 IT서비스 관리 프로세스 성숙도가 IT아웃소싱 성과에 미치는 영향을 제시함으로써 IT거버넌스의 중요성을 인식시키고 IT서비스 관리 프로세스 시스템 도입을 고려하는 기업에 지침을 제공하고자 한다.

• Information Systems Review
• /
• v.14 no.3
• /
• pp.53-74
• /
• 2012

IT outsourcing (ITO) is an integration of two firms-external vendor(s) and a client firm-IT resources by contract. According to resource-based view(RBV), three different resources-ITO vendor's resource, client firm's resource, and the relationship resource between two firms- may have an impact on ITO performance. However, there have been few previous studies considering all three IT resources simultaneously. There have been also few empirical studies in ITO context, which test Bharadwaj (2000)'s findings: 1) IT resources can be divided into tangible IT asset and intangible IT capability, and 2) only IT capability has an impact on the IT performance. Therefore we examined whether, in ITO context, all three different resources have a significant impact on ITO performance. Adopting the findings of previous IT studies, we also divided IT resource into IT asset and IT capability. To achieve this research objective, we analyzed 62 ITO cases of 45 companies being listed in Korean top 100 companies for recent 3 years. Also, we analyzed the data with the Partial Least Squares method. The results of this research lead to the following conclusions: First, only when partnership is high, ITO vendors' resource can have an influence on ITO performance. Second, only client firm's IT capability, not IT asset, is directly related to the ITO success. Third, a firm's IT capability can increase the partnership. Therefore, we concluded that 1) RBV is also an useful theory in ITO context, 2) Bharadwaj(2000)'s suggestion is valid in ITO context as well, and 3) the relationship resource is also important in ITO.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.5-14
• /
• 2014

Searchable encryption systems provide search on encrypted data while preserving the privacy of the data and the search keywords used in queries. Recently, interest on data outsourcing has increased due to proliferation of cloud computing services. Many researches are on going to minimize the trust put on external servers and searchable encryption is one of them. However, most of previous searchable encryption schemes provide only a single keyword boolean search. Although, there have been proposals to provide conjunctive keyword search, most of these works use a fixed field which limit their application. In this paper, we propose a field-free conjunctive keyword searchable encryption that also provides rank information of search results. Our system uses prime tables and greatest common divisor operation, making our system very efficient. Moreover, our system is practical and can be implemented very easily since it does not require sophisticated cryptographic module.