• Title/Summary/Keyword: Risk management process

The Moderating Effects of Information Security Policy between Information Security Maturity and Organizational Performance (정보보호 성숙도와 조직성과 간의 정보보호 정책의 효과분석)

  • Park, Jeong Kuk;Kim, Injai
    • KIPS Transactions on Computer and Communication Systems / v.3 no.9 / pp.301-310 / 2014
  • The absence of proactive information security management to ensure availability, accessibility and safety of information can bring serious risks to customers as well as to the organization's performance and competitiveness, because improper security management undermines business continuity. This study analyzed the maturity of information security, which affects organizational performance. Through a literature review, a research model was proposed that uses organizational performance as the dependent variable, risk management process maturity and the risk assessment process as independent variables, and the information security policy indexes as moderating variables, and an empirical analysis was made on the basis of a survey. The results showed that there was a high causal relationship between information security maturity and organizational performance. However, even if the information security staff ratio and the information security budget ratio increased, information security maturity did not affect organizational performance. This suggests that information security maturity affects organizational performance, but information security regulations have their limitations as a catalyst to improve organizational performance.

A Study on IT Based Risk Management System Development for Business Continuity Management : Centering on Cases at Automobile Manufacturing Industry (비즈니스 연속성 확보를 위한 IT 기반 위험관리체계 구축 연구 : 자동차 제조 산업 사례를 중심으로)

  • Lee, Joontaik;Kim, Yanghoon;Na, Youngsub;Chang, Hangbae
    • The Journal of Society for e-Business Studies / v.18 no.2 / pp.69-79 / 2013
  • Business management activities have globalized and shifted to global management. Under these circumstances, business management factors and the environment have changed rapidly. Accordingly, the number of risk categories in business has increased. Especially in recent years, the convergence of industry with IT has played a pivotal role in the industry's business processes. Information systems in the Internet environment have increased the efficiency of business management; however, they have also increased the degree of risk and the ripple effects of its occurrence. In this study, we propose a risk management framework for ensuring business continuity management in the information-system-based automobile manufacturing industry. In detail, we analyze business processes in the automotive manufacturing industry, identify information assets, and analyze and assess the risk.

Process for Risk Severity Estimation of Weapon System Development Project using Parametric Estimation Method/Linear Kalman Filter (모수 추정기법/선형 칼만 필터를 이용한 무기체계개발 프로젝트 위험 요소의 영향도 추정 프로세스)

  • Lee, Seung-Yup
    • Journal of the Korea Academia-Industrial cooperation Society / v.19 no.6 / pp.567-574 / 2018
  • Risk management is a method to 1) identify risks that can adversely affect the cost, schedule, and target achievement performance of a system development project, and 2) manage the identified risks based on the severity and likelihood assigned to each risk item. Risk management is applicable to various fields, since it can manage the cost/schedule and effectively guides accomplishing the target performance by identifying and managing the risks in advance, which necessitates many concurrent studies. This paper proposes a procedure to estimate the severity value for a risk item using a Kalman filter. It is assumed that the severity can be expressed as an equation consisting of cost/schedule loss during the risk event. A linear Kalman filter is used to reduce the error between the true and estimated values, which can eventually save resources spent on the risk management procedure. A simulation test case was conducted to demonstrate the validity of the proposed method.

The construction project's risk threshold calculation methodology applying a concept of VaR (VaR개념을 응용한 건설공사 위험허용도 산정방법)

  • Kim Seon-Gyoo;Kim Jae-Jun;Kim Kyung-Rai
    • Proceedings of the Korean Institute Of Construction Engineering and Management / autumn / pp.65-72 / 2001
  • With the recent rise in project complexity and competitive environments in construction projects, risk management is recognized as a more important management tool than the others. However, as most risk management techniques applied to construction projects are centered around their initial phases and risk analyses, they have not developed into a general project management technique such as time management, cost management and quality management, which are usually applied in the process of construction. Thus, this paper proposes a response process to construction project risks based on the risk threshold, and its calculation methodology applying a concept of VaR, to establish risk management as a general management technique in construction projects.

The research regarding an information system risk management process characteristics (정보시스템 위험관리 프로세스 특성에 관한 연구)

  • Kim, Tai-Dal;Lee, Hyung-Won
    • The KIPS Transactions:PartD / v.14D no.3 s.113 / pp.303-310 / 2007
  • Information system failures are varied, ranging from simple software errors to unprepared program testing and unprepared physical facilities for damage prevention. Although the cause is trifling, the result is vast damage. Recently, it has become difficult to solve this problem with a simple external security system. An enterprise's information technology as a whole now requires the establishment of comprehensive countermeasures and a suitable response to risk. In this connection, this paper studies the characteristics needed to model a comprehensive Risk Management System that can cope with risk, considering the integrity, solubility, and confidentiality of IT resources within the organization and the control of the various information, systems, and data that can arise inside and outside it.

Applying Enterprise Architecture to Enterprise-wide IT Risk Framework (전사적 정보기술 리스크 체계를 위한 엔터프라이즈아키텍처 활용)

  • Park, Jooseok;Koo, Jamyon;Kim, Seung-Hyun;Kim, Eehwan
    • Journal of Information Technology and Architecture / v.10 no.4 / pp.451-466 / 2013
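  • How are companies dealing with information technology risk (IT Risk)? Financial institutions and public institutions, by their nature, already actively perform risk management. Risk management for information technology has also responded actively over the past 10 years, through experiences such as network outages, hacking incidents, DDoS attacks, and customer information leaks. In particular, the 2011 Nonghyup incident became an occasion to regard IT security as far more important than IT performance. The substantial strengthening of IT security staff and budgets and the pursuit of network separation projects are representative examples. However, IT risk management so far has concentrated on strengthening proactive and reactive responses to specific technologies. IT risk management is now shifting from fragmentary management to comprehensive management. Recently, many companies have been building, or plan to build, an enterprise-wide IT risk governance (IT Risk Governance) framework. Yet IT security has still not been integrated enterprise-wide, the IT risk management process has not been internalized in the organization, and the linkage with IT performance management has not been considered. In this paper, we propose the use of Enterprise Architecture (EA) to link IT management and technology effectively and to manage IT performance and IT risk in balance.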

Case Study on Artificial Intelligence and Risk Management - Focusing on RAI Toolkit (인공지능과 위험관리에 대한 사례 연구 - RAI Toolkit을 중심으로)

  • Sunyoung Shin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.24 no.1 / pp.115-123 / 2024
  • The purpose of this study is to contribute to how the advantages of artificial intelligence (AI) services and the associated limitations can be simultaneously overcome, using the keywords AI and risk management. To achieve this, two cases were introduced: (1) presenting a risk monitoring process utilizing AI and (2) introducing an operational toolkit to minimize the emerging limitations in the development and operation of AI services. Through case analysis, the following implications are proposed. First, as AI services deeply influence our lives, processes are needed to minimize the emerging limitations. Second, for effective risk management monitoring using AI, priority should be given to obtaining suitable and reliable data. Third, to overcome the limitations arising in the development and operation of AI services, the application of a risk management process at each stage of the workflow, requiring continuous monitoring, is essential. This study is a research effort on approaches to minimize limitations provided by advancing artificial intelligence (AI). It can contribute to research on risk management in the future growth and development of the related market, examining ways to mitigate limitations posed by evolving AI technologies.

Development Life Cycle-Based Association Analysis of Requirements for Risk Management of Medical Device Software (의료기기 소프트웨어 위험관리를 위한 개발생명주기 기반 위험관리 요구사항 연관성 분석)

  • Kim, DongYeop;Park, Ye-Seul;Lee, Jung-Won
    • KIPS Transactions on Software and Data Engineering / v.6 no.12 / pp.543-548 / 2017
  • In recent years, the importance of the safety of medical device software has been emphasized because of the function and role of the software among components of the medical device, and because the operation of the medical device software is directly related to the life and safety of the user. To this end, various standards have been set up that provide activities that can effectively ensure the safety of medical devices and provide their respective requirements. The activities that standards provide to ensure the safety of medical device software are largely divided into the development life cycle of medical device software and the risk management process. These two activities should be concurrent with the development process, but there is a limitation that the risk management requirements to be performed at each stage of the medical device software development life cycle are not classified. As a result, developers must analyze the association of standards directly to develop risk management activities during the development of medical devices. Therefore, in this paper, we analyze the relationship between medical device software development life cycle and risk management process, and extract risk management requirement items. It enables efficient and systematic risk management during the development of medical device software by mapping the extracted risk management requirement items to the development life cycle based on the analyzed associations.

Framework of Real Time Security Management (실시간보안관리 프레임워크)

  • 김병학;임채호
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2003.12a / pp.513-517 / 2003
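  • Internet worms such as the Slammer worm that broke out this year, through their infection speed and damage impact, forced a rapid revision of information security strategy. The biggest problem is that existing information security products were proven useless against new vulnerabilities and attacks, which ultimately shows the importance of security based on practice-driven management and process. In addition, many security management models so far have been based on assets that are not online, but real-time security management methods for online assets are now becoming very important. Through real-time vulnerability management, real-time threat management, real-time risk management, and the like, we present a framework design grounded in overseas trends in real-time security management and its theoretical basis.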

A Study about Practical Model of Meteorological Information for Convergence Security Service Science (융합보안 서비스 사이언스를 위한 기상정보 활용모델 연구)

  • Choi, Kyong-Ho;Lee, DongHwi;Kim, Minsu;Kim, JongMin;Kim, Kuinam J.
    • Convergence Security Journal / v.13 no.3 / pp.79-84 / 2013
  • In this study, an improved service innovation model is proposed to solve the problems that appear, from the vantage point of the process of providing security services, through the application and appeal process of convergence security technologies. The model takes the view of service science to resolve the limitations of facilities management and unmanned security in the physical security field through the application of meteorological information to convergence security technologies. The contributions of this research are improved risk management based on convergence security technologies through service innovation management, evaluation of the quantitative value of risk management activity using service effects, and development of a physical security service provision methodology using meteorological information.