• Title/Summary/Keyword: risk information

A Risk Classification Based Approach for Android Malware Detection

  • Ye, Yilin;Wu, Lifa;Hong, Zheng;Huang, Kangyu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.2 / pp.959-981 / 2017
  • Existing Android malware detection approaches mostly have concentrated on superficial features such as requested or used permissions, which can't reflect the essential differences between benign apps and malware. In this paper, we propose a quantitative calculation model of application risks based on the key observation that the essential differences between benign apps and malware actually lie in the way how permissions are used, or rather the way how their corresponding permission methods are used. Specifically, we employ a fine-grained analysis on Android application risks. We firstly classify application risks into five specific categories and then introduce comprehensive risk, which is computed based on the former five, to describe the overall risk of an application. Given that users' risk preference and risk-bearing ability are naturally fuzzy, we design and implement a fuzzy logic system to calculate the comprehensive risk. On the basis of the quantitative calculation model, we propose a risk classification based approach for Android malware detection. The experiments show that our approach can achieve high accuracy with a low false positive rate using the RandomForest algorithm.

A Risk Management Model for Efficient Domestic Information Technology Security (효율적 국내 정보기술 보안을 위한 위험관리 모형)

  • Ahn, Choon-soo;Cho, Sung-Ku
    • Journal of Korean Institute of Industrial Engineers / v.28 no.1 / pp.44-56 / 2002
  • For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

The Limitations of Risk-based Auditing using Fuzzy Methods

  • Mohammadi, Shaban
    • The Journal of Industrial Distribution & Business / v.6 no.1 / pp.37-40 / 2015
  • Purpose - Investors, creditors, governments, and others make decisions using reasonable information provided by others. In many cases, the users of this information have goals and objectives conflicting with those of the information's producers, indicating the need for external auditors. Research design, data, and methodology - Competition in auditing has noticeably intensified globally, especially in developed countries. This means that auditors are striving to increase the efficiency of their methods. In recent years, risk-based auditing has become prominent among these efforts. In risk-assessment auditing, the auditor may directly affect the effectiveness and efficiency of the audit. Results - As a central framework, the risk assessment process improves audit quality and effectiveness such that the audit will lead to necessary changes. Previous studies have shown that risk assessment affects the nature, timing, and content of audit procedures. Conclusions - In the planning stage of an audit, audit risk assessment may identify any inappropriate or inefficient distribution of resources or determine whether the results of an audit will be ineffective or incorrect. Thus, assessing audit risk is a critical task.

A Study on a Product Safety Management Program Based on Risk Management Standards (리스크 관리규격에 기초한 제품안전 경영 프로그램에 대한 연구)

  • Lee, Dhong-Ha;Na, Yoon-Gyun;Kim, Myung-Soo
    • IE interfaces / v.16 no.1 / pp.94-102 / 2003
  • This study proposed a method to apply risk management standards to a product safety management program and reviewed cases where a risk management cycle is applied to the product safety management program. Comparing the four product safety management programs suggested by several authors yielded common features of the risk management cycle: (1) organization for product safety, (2) risk identification, (3) risk evaluation, (4) risk treatment, (5) monitoring/communication, and (6) documentation. A Japan company(Ricoh)'s case showed that the risk management cycle to treat product liability risks can be used as a successful product safety management program.

An Empirical Study on Risk Factors in Information System Project Management (정보시스템 프로젝트의 위험요인에 관한 실증 연구)

  • Cho, Suk-Jin;Lee, Seog-Jun;Hahm, Yu-Keun
    • Asia pacific journal of information systems / v.16 no.3 / pp.143-158 / 2006
  • Identifying risk factors in software risk management is imperative for project managers. The purpose of this paper is to provide software project risk factors validated by statistical analysis, and thus to help project managers alleviating the possibility of software project failure. Factor analysis with data collected from 264 Korean project managers and consultants identified 12 categories and 46 risk factors. T-test results showed that project managers and participants had statistically different perception on 3 risk factors among those 46 risk factors. We concluded by discussing implications of our findings and future research directions.

An Approximate Order Risk Evaluation Method for the General Multi-Echelon Distribution Supply Chain (다계층 분배형 공급사슬에서 주문리스크의 근사적 계산방법과 비용개선효과)

  • Seo, Yong-Won
    • Proceedings of the Korean Operations and Management Science Society Conference / 2004.05a / pp.636-647 / 2004
  • The objective of this paper is to provide an improved reorder decision policy for general multi-echelon distribution systems utilizing the shared stock information. It has been known that traditional reorder policies sometimes show poor performance in distribution systems. Thus, in our previous research we introduced the order risk policy which utilizes the shared stock information more accurately for the 2-echelon distribution system and proved the optimality. However, since the real world supply chain is generally composed with more than 2 echelons, we extend the order risk policy for the general multi-echelon systems. Since the calculation of the exact order risk value for general multi-echelon systems is very complex, we provide two approximation methods for the real-time calculation. Through the computational experiment comparing the order risk policy with the existing policies under various conditions, we show the performance of the order risk policy and analyze the value of the shared stock information varying with the characteristics of the supply chain.

An Improved Reorder Policy for the General Multi-Echelon Distribution Supply Chain based on the Order Risk (다계층 분배형 공급사슬의 운영 개선을 위한 주문리스크 기반의 재주문정책과 실용적 근사방법)

  • 서용원
    • Proceedings of the Korean Operations and Management Science Society Conference / 2003.11a / pp.159-165 / 2003
  • The objective of this paper is to provide an improved reorder decision policy for general multi-echelon distribution systems utilizing the shared stock information. Since it has been known that traditional reorder policies sometimes show poor performance in distribution systems, in our previous research we introduced the order risk policy which utilizes the shared stock information more accurately for the 2-echelon distribution system and proved the optimality. However, since the real world supply chain is generally composed with more than 2 echelons, we extend the order risk policy for the general multi-echelon systems. Since the calculation of the exact order risk value for general multi-echelon systems is very complex, we provide two approximation methods. Through the computational experiment comparing the order risk policy with the existing policies under various conditions, we show the performance of the order risk policy and analyze the value of the shared stock information varying with the characteristics of the supply chain.

An Improved Reorder Policy for the General Multi-Echelon Distribution Supply Chain Based on the Order Risk (일반적 다계층 분배형 공급사슬에서 주문리스크 기반의 개선된 재주문정책에 관한 연구)

  • Seo, Yong-Won
    • IE interfaces / v.17 no.3 / pp.359-374 / 2004
  • The objective of this paper is to provide an improved reorder decision policy for general multi-echelon distribution systems utilizing the shared stock information. It has been known that traditional reorder policies sometimes show poor performance in distribution systems. Thus, in our previous research we introduced the order risk policy which utilizes the shared stock information more accurately for the 2-echelon distribution system and proved the optimality. However, since the real world supply chain is generally composed with more than 2 echelons, we extend the order risk policy for the general multi-echelon systems. Since the calculation of the exact order risk value for general multi-echelon systems is very complex, we provide two approximation methods for the real-time calculation. Through the computational experiment comparing the order risk policy with the existing policies under various conditions, we show the performance of the order risk policy and analyze the value of the shared stock information varying with the characteristics of the supply chain.

Case Study on the Distribution of Disaster Risk Information in China (중국의 재난위험 정보유통에 관한 사례 연구)

  • Choi, Choong-Ik;Li, Cheng
    • Journal of Distribution Science / v.14 no.4 / pp.55-66 / 2016
  • Purpose - This article aims to explore the characteristics of disaster risk distribution information in China. Also, this research attempts to analyze the findings of risk communication using case study in chronological order in terms of social amplification of risk. To achieve the purpose, the paper reviews the trends and issues of risk communication in China, with an emphasis on examining earthquakes by a chronological approach. In these regards, we hope that some relevant findings from this empirical study with cases will be able to enhance national risk communication and provide implications in Korea as well. Research design, data, and methodology - The conceptual framework of this study is theoretically based on the risk amplification model, which describes signals about risk transmitted and processed by individuals and social groups. The social amplification of risk also reflects the interactions of social groups about disaster-related risk issues, which are potential amplifiers or attenuators of communication signals. The key concept of social amplification implies that the risks pertaining to natural disasters interact with social, psychological, institutional, and cultural processes in ways that can affect public perceptions of risk. SMCRE Model is methodologically employed to examine risk communication history of China with the focus on natural disaster. Four earthquakes are selected to figure out the chronological characteristics of risk communication since 1970s. He bei Tang Shan earthquake is selected as an example disaster before 1990's, while the earthquake in Yun Nan Jiang is explored for the case study of 1990's. The earthquake in Si Chuan Wen Chuan is also examined as an example disaster of 2000's. The recent earthquake in Si Chuan Ya An Lu Shan is selected as a case of 2010s. Results - SMCRE model in this case study is operationally defined as a methodology and applied to the four earthquakes that occurred in China. SMCRE model describes the exchange of risk information and is also applied to all forms of communication between stakeholders. Each factor of risk communication includes source, message, channel, receiver and effect. It is notable that a big progress has been made on disaster risk communication in China for the past 40 years. We also found that highly developed information technology has enabled Chinese society to better cope with natural disaster, leading to enhanced disaster risk communication. It is mainly found from case study that the disaster risk communication of China has been involved with political situation, which derived from the change of government for the past 40 years. Conclusion - From this historical research, it can be inferred that the policies and politics of Chinese leaders have had a more critical role to play in the process of source of risk communication than those of any other countries. The results of this paper also support that the effective risk communication involves not only the improved reliability of local government as a key factor of disaster risk communication, but also is accompanied by international cooperation for substantial collaboration with stakeholders.

A Study on Quantitative Software Risk Management Methodology applied Risk Analysis Model (위험분석 모델을 적용한 정량적인 소프트웨어 위험관리 방법론에 관한 연구)

  • Eom, Jung Ho;Lee, Dong Young;Chung, Tai M.
    • Journal of Korea Society of Digital Industry and Information Management / v.5 no.2 / pp.133-140 / 2009
  • In the paper, we proposed the systematical and quantitative software risk management methodology based on risk analysis model. A software risk management consists of the basic risk management method(BRIMM) and the detailed risk management method(DRIMM). BRIMM is applied to unimportant phases or the phase which also the risk factor does not heavily influence to project. DRIMM is used from the phase which influences highly in project success or the phase where the risk factor is many. Fulfilling risk management combined two methods, we can reduce project's budget, term and resource's usage, and prevent risk with the optimum measures obtained by the exact risk analysis.