• The Journal of Bigdata
• /
• v.4 no.2
• /
• pp.47-59
• /
• 2019

Recently, the RPA (Robotic Process Automation) solution, which has been spreading in Korea and overseas, allows users to easily automate their tasks with the application GUI (Graphic User Interface), and the number of Korean financial companies which Implemented for automating their business is increasing now. However, as the major supervisory regulations that financial institutions must comply with are based on the existing traditional SDLC (Software Development Life Cycle), it is not proper to be directly applied to RPA that automates end-user works on the level of user's system interface. Therefore, in this paper, we organized the important financial supervisory rules and control items that should be considered for RPA implementation, then surveyed 24 financial companies which have implemented RPA for checking how they applied them. Finally, we would like to present the necessity of revision of related compliance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1513-1526
• /
• 2016

Since finance companies started e-banking services, those services have been diversified and use of them has continued to increase. Finance companies are implementing financial security policy for safe e-banking services, but e-Banking incidents are continuing to increase and becoming more intelligent. Along with the rise of internet banks and boosting Fintech industry, financial supervisory institutes are not only promoting user convenience through improving e-banking regulations such as enforcing Non-face-to-face real name verification policy and abrogating mandatory use of public key certificate or OTP(One time Password) for e-banking transactions, but also recommending the prevention of illegal money transfer incidents through upgrading FDS(Fraud Detection System). In this study, we assessed a blacklist based auto detection method suitable for overall situations for finance company, a real-time based suspicious transaction detection method linking with blacklist statistics model by each security level, and an alternative FDS model responding to typical transaction patterns of which information were collected from previous e-Banking incidents.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.101-106
• /
• 2021

To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.211-224
• /
• 2015

Financial companies have invested a lot in their disaster recovery system and exercised training more than once a year to comply related laws and regulations. But massive PCs(Personal Computers) became disrupted simultaneously and it took a lot of time to recover massive PCs concurrently when March 20 cyber attack occurred. So, it was impossible to meet the tartgeted business continuity level. It was because the importance of PC recovery was neglected compared to other disaster recovery areas. This study suggests the measure to recover massive branch terminal PCs of financial companies simultaneously in cost-effective way utilizing the existing technology and tests recovery time. It means that in the event of disaster financial companies could recover branch terminal PCs in 3 hours which is recommended recovery time by regulatory body. Other financial companies operating similar type and volume of branches would refer to the recovery structure and method proposed by this study.

• The Journal of Society for e-Business Studies
• /
• v.24 no.4
• /
• pp.31-48
• /
• 2019

To survive in the trend of the fourth industrial revolution, companies are putting a lot of attention and effort into personalization services using the latest technologies such as big data, artificial intelligence and the Internet of Things, while entrusting third parties to handle personal information on the grounds of work efficiency, expertise and cost reduction. In such an environment, consignors need to check trustees on a more effective and reasonable basis to ensure personal information safety for trustees. This study used AHP techniques to derive the importance and priority of each item of "Personal Information Safety Assurance Measures" for financial companies and trustees, and objectively compared and analyzed differences in perceptions of importance between financial institutions and trustees. Based on this, the company recognizes the difference between self-inspection of financial institutions and inspection of trustees and presents policy grounds and implications for applying differentiated inspection standards that reflect the weights appropriate for the purpose.

• The Korean Journal of Financial Studies
• /
• v.14 no.1
• /
• pp.119-158
• /
• 2008

본 연구에서는 복합금융그룹의 부실위험을 그룹전체기반 측도로 측정하는 방법론을 비교하고 국내 복합금융그룹의 자료를 이용하여 실증분석한다. Joint Forum(2001a) 방법은 연결기준을 사용하여 그룹내 자본의 중복요소들을 상계한 후 필요자본 대비 자기자본비율을 구한다. 신BIS 규제자본 방법은 Vasicek(1987)의 점근적 단일위험 모형을 가정하여 자산의 전체기반 위험을 측정하고 연결기준을 사용하여 자본의 중복계상을 배제하여 측정한다. 개별 경제적 자본 방법은 개별 경제적 위험을 수준별로 합산하여 전체기반 경제적 자본을 빌딩블록 방식으로 합산한다. 경제적 자본 방법은 위험 측정시 겪게 되는 극단적 손실 문제와 결합분포의 비대칭성을 반영할 수 있는 방법을 측정시 포함시킬 수 있다. 국내 복합금융그룹의 자료를 이용하여 실증분석을 한 결과, 첫째, 개별 재무지표에서 복합금융그룹 소속회사들의 ROA, ROA 변동성 그리고 총자산 대비 자기자본비율이 우량한 것으로 나타났다. 특히 가장 비중이 큰 은행산업에서 위 개별 재무지표는 복합금융그룹 소속회사에서 우량하게 나타난다. 둘째, 그룹전체기반 위험자본 측도로서 필요자본 대비 자기자본 비율과 연결기준 BIS비율을 살펴본 결과 은행계열 금융그룹의 부실위험이 낮은 것으로 판단된다. 전체적으로 국내 복합금융그룹의 부실위험은 높지 않은 것으로 판단된다. 이상의 결과를 바탕으로 복합금융그룹에 대한 리스크상시감시방안에의 시사점을 살펴보면, 첫째, 복합금융그룹 소속 금융회사에 대한 리스크 평가시 그룹전체기반 부실위험평가를 반영하여 이를 측정할 필요가 있다. 둘째, 권역별로 통일된 리스크감시를 위해 권역별 자기자본규제의 형평성을 제고할 필요가 있다.

• Review of KIISC
• /
• v.26 no.3
• /
• pp.58-63
• /
• 2016

최근 금융IT를 대상으로 한 사이버 공격이 지속적으로 증가되고 있어 금융 정보와 관련된 개인정보유출 및 금융전산망의 마비에 대한 우려의 목소리가 커지고 있다. 이에 따라 금융위원회에서는 "금융전산 보안강화 종합대책"을 발표하며 금융IT에 대한 보안대책의 일환으로 금융전산망에 대한 분리를 의무화시켰다. 하지만, 망분리 정책 실시 이후 금융회사들은 업무 환경과 맞지 않은 일부 규정들로 주요 업무 처리에 대한 어려움을 호소하였다. 이에 금융위원회에서는 금융회사의 업무의 연속성과 투명성을 보장하기 위해 망분리 예외기준을 마련하였다. 본 논문에서는 금융권 망분리의 동향을 살펴보고 망분리 예외기준과 관련하여 신설 개정된 전자금융감독규정 및 전자금융감독규정 시행세칙에 대해 소개하고자 한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.193-201
• /
• 2017

Financial firms strengthen to protect personal information from the leakage, introducing various security solutions such as print output security, internet network Isolation system, isolationg strorage of customer information, encrypting personal information, personal information detecting system, data loss prevention, personal information monitoring system, and so on. Financial companies are also entering the era of cutthroat competition due to accept of the new channels and the paradigm shift of financial instruments. Accordingly, The needs for security for customer information held by financial firms are keep growing. The large security accidents from the three card companies on January 2014 were happened, the case in which one of the outsourcing personnel seized customer personal information from the system of the thress card companies and sold them illegally to a loan publisher and lender. Three years after the large security accidents had been passed, nevertheless the security threat of the IT outsourcing workforce still exists. The governments including the regulatory agency realted to the financail firms are conducting a review efforts to prevent the leakage of personal information as well as strengthening the extent of the sanction. Through the analysis on the application of security policy for outsourcing personnel in case of large-scale Financial IT projects and the case study of appropriate security policies for security compliance, the theis is proposing a solution for both successfully completing large-scale financial IT Project and so far as possible minizing the risk from the security accidents by the outsouring personnel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1475-1487
• /
• 2018

To verify remitter's identity when the remitter transfers money to a recipient using an electronic financial service provided by the financial institution, the remitter inputs the information; such as the withdrawal account number, the withdrawal amount, the password pre-registered with the financial company, or the information from authenticating medium that is previously distributed by the financial institution. However, the 1-Way transaction between the financial institution and the remitter is exposed to a great risk of accidents such as an anomaly remittance or a voice phishing fraud. Therefore, in this study, we propose a 2-WAY trade verification model for electronic financial transaction that can be mutually agreed by allowing the recipient to share the transaction information with the remitter and the financial company. We have improved the traditional electronic financial transaction's method by replacing it to 2-WAY trade method, and it is used for various purposes; such as preventing an error within the remittance or voice phishing fraud, enhancing loan transaction and contract transaction, etc. Through these variety of applications, we are expecting to reduce the inconveniences while improving the convenience of financial transaction and vitalizing the P2P transaction of financial institution.