• 정보처리학회논문지D
• /
• 제14D권6호
• /
• pp.689-700
• /
• 2007

정보시스템 운영리스크를 최소화하고, 장애시간 동안의 영업기회 손실비용 규모를 줄이기 위해서는 장애의 예방과 사전준비가 필요하다. 그런데 장애가 발생할 경우, 대부분의 기업에서는 장애발생 직후에 대응과 복구 조치를 취하고 있다. 프로그램 개발자나 시스템운영자들은 과거의 경험과 직관에 의존하여 장애를 관리하고 있을 뿐, 장애를 체계적으로 관리하고 사전에 예방하는 사례를 찾아보기가 힘든 실정이다. 본 논문은 정보시스템 운영리스크의 관점에서, 디스크 장애예방을 위한 피해저감모델의 개발에 초점을 맞추었다. 연구모델은 디스크장치에서 정보시스템 운영리스크가 발생하는 위험원인, 그리고 이러한 원인들을 사전에 점검하는 점검주기, 점검에 필요한 운영규정으로 구성된다. 또한 정보시스템 부문의 하드웨어 장애요인 중에서 가장 크게 나타나고 있는 디스크 장애에 대하여 피해저감모델을 적용함으로써 활용 가능성을 보여 준다.

• 한국CDE학회논문집
• /
• 제11권5호
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Journal of Information Technology Applications and Management
• /
• 제14권3호
• /
• pp.95-113
• /
• 2007

To minimize IT operational risks and the opportunity cost for lost business hours. it is necessary to have preparedness in advance and mitigation activities for minimization of a loss due to the business discontinuity. There are few cases that banks have a policy on systematic management, system recovery and protection activities against system failure. and most developers and system administrators response based on their experience and the instinct. This article focuses on the mitigation model development for minimizing the incidents of disk unit in IT operational risks. The model will be represented by a network model which is composed of the three items as following: (1) the risk factors(causes, attributes and indicators) of IT operational risk. (2) a periodic time interval through an analysis of historical data. (3) an index or an operational regulations related to the examination of causes of an operational risk. This article will be helpful when enterprise needs to hierarchically analyze risk factors from various fields of IT(information security, information telecommunication, web application servers and so on) and develop a mitigation model. and it will also contribute to the reduction of operational risks on information systems.