• Title/Summary/Keyword: security risks

The Risk Management of Information System Using CRAMM - Case of a Korean Credit Card Company - (CRAMM을 이용한 정보시스템 위험관리 - 신용카드회사 사례연구 -)

  • Kim, Bob-Jin;Han, In-Goo;Lee, Sang-Jae
    • Asia pacific journal of information systems / v.10 no.2 / pp.149-176 / 2000
  • As companies become more dependent upon information systems (IS), the potential losses of IS resources become critical. IS management must assume the increasing responsibility for protection of IS resources as the IS and business environments become more vulnerable to various threats. The major issues facing management, when attempting to manage risks, include the assessment of the impact of risks on business objectives and the design of security safeguards to reduce the unacceptable risks to an acceptable level. This paper provides a case study of the risk management for IS. A Korean credit card company which has the high sensitivity for customers' security was selected as a case. The risk management procedure using a powerful tool, CRAMM (the Central Computer and Telecommunications Agency's Risk Analysis and Management Method) was applied for this company.


The Emerging security initiatives and forecasting future social and natural environment changes (신흥안보 창발과 미래 사회 및 자연환경 변화예측)

  • Jung, Min-Sub;NamKung, Seung-Pil;Park, Sang-Hyuk
    • The Journal of the Convergence on Culture Technology / v.6 no.2 / pp.327-331 / 2020
  • In that this study is a subject and character of risk, emerging security covers non-military areas in addition to traditional military security: environmental security, human security, resource security, and cyber security. The rise of these risks is not only changing the phenomenon of the new expansion of security areas, but also the expansion of the number and scope of security entities and the aspect of security world politics. These risks are transnational security issues at the global level in terms of their nature and extent of the damage, as well as multi-layered ones that affect local and personal security issues at the regional and national levels. In addition to national actors, non-state actors such as international organizations, multinational corporations, and global civil society, and furthermore, technology and social systems themselves are causing risks. Therefore, to solve the new security problem, it is necessary to establish a middle-level and complex governance mechanism that is sought at the regional and global levels beyond the fragmented dimension of the occurrence of new security issues that have been overlooked in the existing frame of perception, and to predict and find ways to respond to new security paradigms that have been identified in a broader sense.

Difference of Risk Management between Foreign and Domestic ERP : Empirical Approach with Korean Small & Medium-Sized Logistics Firms (외산 ERP와 국산 ERP를 도입한 국내 중소 물류기업간의 위험 관리 비교 연구)

  • Kim, Taeha;Nam, Seunghyeon
    • Journal of Information Technology Services / v.19 no.6 / pp.119-130 / 2020
  • This work investigates how domestic or foreign ERP affects the relationship between risks associated with ERP implementation and intention to adopt risk-mitigating options. We propose that three risks, ERP vendor risk, economic risk, and security risk, should positively affect the intention to adopt the risk-mitigating options. To validate the impact of risks and to examine the difference between domestic and foreign ERP, we collected data from IT managers in small and medium-sized logistics companies in South Korea using survey questionnaires. We validate the difference between domestic ERP and foreign ERP using multiple regression analyses. We find that IT managers using domestic ERP are willing to adopt risk-mitigating options for economic and security risk. In contrast, we find that IT managers using foreign ERP are willing to adopt risk-mitigating options for ERP-vendor risk. This work may provide IT managers in the logistics industry a practical guideline for choosing either domestic or foreign ERP based on their risk preferences.

The Relationship among Product Risk, Perceived Satisfaction and Purchase Intentions for Online Shopping

  • TRAN, Van Dat
    • The Journal of Asian Finance, Economics and Business / v.7 no.6 / pp.221-231 / 2020
  • This research investigates the relationship among product risk, financial risk, security risk, privacy risk, perceived satisfaction, and purchase intention. Validated measurements were identified from a literature review. The measurement model and the conceptual model depicting hypothesized relationships were evaluated based on responses from 306 customers using confirmatory factor analysis and structural equation modeling. The results showed that product risk, financial risk, security risk, and privacy risk impacted on perceived satisfaction. Besides, product risk, privacy risk, and perceived satisfaction influenced purchase intentions. Thus, this study focused on the influences of product risk, financial risk, security risk, and privacy risk on their cognitive attitudes toward websites. That means the more consumers perceive security, the more they avoid shopping online. The study is important to show how perceived risk affects online shopping behaviors, and it invites marketers to make necessary adjustments to prevent perceived risks from increasing and online shopping from decreasing. The findings of this study suggest the creation of a framework on the effect of perceived risk types on online shopping. Managers need to take perceived risks into account when designing their electronic marketing channels. In addition, shopping websites should strengthen their transaction security by appropriately using various available resources and new information technologies.

Methodology of Cyber Security Assessment in the Smart Grid

  • Woo, Pil Sung;Kim, Balho H.
    • Journal of Electrical Engineering and Technology / v.12 no.2 / pp.495-501 / 2017
  • The introduction of the smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originating from IT systems. In other words, the Energy Management System (EMS) and other communication networks interact with the power system on a real-time basis, so it is important to understand the interaction between the two layers to protect the power system from potential cyber threats. This paper aims to identify and clarify the cyber security risks and their interaction with the power system in the Smart Grid. In this study, the optimal power flow (OPF) and Power Flow Tracing are used to assess the interaction between the EMS and the power system. Through OPF and Power Flow Tracing based analysis, the physical and economic impacts from potential cyber threats are assessed, and thereby the quantitative risks are measured in a monetary unit.

The Study on the security of Smartphone (스마트폰 보안 기술 분석)

  • Lee, Young Sook;Kim, Jee Yeon
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.2 / pp.91-105 / 2010
  • With the release of Apple's iPhone, the smartphone is enjoying tremendous popularity. Security experts pointed out the smartphone security risks and the KCC (Korea Communications Commission) published safety rules for smartphone users. In this paper we surveyed market and product trends of smartphones and analyzed the security technology of smartphone OSes including Symbian, iPhone OS, Windows Mobile and Android.

A Risk Assessment Scheme of Social Engineering Attacks for Enterprise Organizations (사회공학 공격에 대한 기업조직의 위험 수준 평가 방안)

  • Park, Younghoo;Shin, Dongcheon
    • Convergence Security Journal / v.19 no.1 / pp.103-110 / 2019
  • Recently, security-related attacks occur in very diverse ways, aiming at people who operate the system rather than the system itself by exploiting vulnerabilities of the system. However, to the best of our knowledge, there have been very few works to analyze and to deal strategically with the risks of social engineering attacks targeting people. In this paper, in order to assess risks of social engineering attacks we analyze those attacks in terms of attack routes, attack means, attack steps, attack tools, and attack goals. Then, with the purpose of assessing the organizational risks we consider the characteristics and environments of the organizations because the impacts of attacks on the organizations obviously depend on the characteristics and environments of the organizations. In addition, we analyze general attack risk assessment methods such as CVSS, CWSS, and OWASP Risk Rating Methodology. Finally, we propose the risk assessment scheme of social engineering attacks for the organizations. The proposed scheme allows each organization to take its own proper actions to address social engineering attacks according to the changes of its environments.

A Study on Improvement Measures for Internal Controls in Cryptocurrency (가상자산 운영의 위험관리를 위한 내부통제 개선방안에 관한 연구)

  • Byoung Hoon Choi;JinYong Lee;Sam Hyun Chun
    • Convergence Security Journal / v.24 no.3 / pp.51-57 / 2024
  • Cryptocurrency service providers and virtual asset operators, built on blockchain technology, face transaction risks such as cyber threats, wallet theft by internal personnel, theft of customers' private keys, and fraudulent cryptocurrency transfer signatures. To ensure secure operations against these threats, their security is validated through the ISMS-P certification. This study analyzes the risks presented in ISO TR 23576, which is specialized for cryptocurrency service providers and operators, in addition to the ISMS-P certification they obtain. The study will focus on the detailed inspection items of ISMS-P and ISO TR 23576 for cryptocurrency service providers and assess their importance. Based on this analysis, the study proposes an internal security control process for cryptocurrency service providers to address the top-priority risks, enabling practitioners to perform security control tasks more efficiently.

Study of Conversions Security Management System, Co-Relation Rule-Set scenario and architecture for incidence detection (융합보안관제환경을 위한 아키텍처 구축 및 활용 방안에 대한 연구)

  • Hwang, Donguk;Lee, Sanghun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.353-371 / 2014
  • We have already seen many studies and articles about the methodology for responding to security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in an era in which we should focus on how to use security systems instead of how to make them. From this point of view, a company needs to find the answers to these questions: which security risks have to be handled in a corporation, which system is better for responding to the security threats, and how we can build the necessary security architecture when developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limits on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction from the actual cases which have shown the desired effect from converging the assets and network information.

A Study on the Electronic Payment - Laying Stress on the Risk Analysis and Reliability- (전자결제에 관한 연구 - 위험분석과 신뢰성확보방안을 중심으로 -)

  • Choi, Seok Boom
    • Journal of Arbitration Studies / v.9 no.1 / pp.323-365 / 1999
  • The digital revolution is happening much more quickly, and Internet Commerce and Electronic Commerce are having a profound influence on global trade and internal commerce, revolutionizing the way of doing business, especially retail and direct marketing. Owing to the Internet, an increasing share of business transactions occurs online. Electronic payment is essential for the smooth progress of electronic commerce, as electronic payment plays the important role in electronic commerce, that is, the value transfer resulting from electronic commerce. So far, there has not been considerable emphasis on the risks residing in electronic payment and money. So, this paper deals with the risks in electronic payment and money, in particular technical risks and social risks, and the reliability-increasing schemes to prevent the risks in electronic payment. The reliability-increasing schemes relate to the security of the electronic payment systems, certification authority and key management, and transaction rules between the parties concerned in the electronic payment.