• 한국정보시스템학회지:정보시스템연구
• /
• 제30권3호
• /
• pp.65-91
• /
• 2021

Purpose In this study, we investigated the impact of perceived risk and switching costs on switching intention to cloud service based on PPM (Pull-Push-Mooring) model. Design/methodology/approach We focused on revealing the switching factors of the switching intention to the cloud services. The switching factors to the cloud services were defined as perceived risk consisting of performance risk, economic risk, and security risk, and switching costs consisting of financial and learning costs. On the PPM model, we defined the pull factors consisting of perceived usefulness and perceived ease of use, and the push factor as satisfaction of the legacy system, and the mooring factor as policy supports. Findings The results of this study as follows; (1) Among the perceived risk factors, performance risk has a negative effect on the ease of use of pull factors, and finally it was found to affect the switching intention to the cloud services. Therefore, cloud service providers need to improve trust in cloud services, service timeliness, and linkage to the legacy systems. And it was found that economic risk and security risk among the perceived risk factors did not affect the switching intention to the cloud services. (2) Of the perceived risk factors, financial cost and learning cost did not affect the satisfaction of the legacy system, which is a push factor. It indicates that the respondents are positively considering switching to cloud service in the future, despite the fact that the respondents are satisfied with the use of the legacy system and are aware of the switching cost to cloud service. (3) Policy support was found to improve the switching intention to cloud services by alleviating the financial and learning costs required for cloud service switching.

• Journal of Information Processing Systems
• /
• 제10권2호
• /
• pp.240-255
• /
• 2014

Cloud computing has increasingly been drawing attention these days. Each big company in IT hurries to get a chunk of meat that promises to be a whopping market in the future. At the same time, information is always associated with security and risk problems. Nowadays, the handling of these risks is no longer just a technology problem, with a good deal of literature focusing on risk or security management and framework in the information system. In this paper, we find the specific business meaning of the BMIS model and try to apply and leverage this model to cloud risk. Through a previous study, we select and determine the causal risk factors in cloud service, which are also known as CSFs (Critical Success Factors) in information management. Subsequently, we distribute all selected CSFs into the BMIS model by mapping with ten principles in cloud risk. Finally, by using the leverage points, we try to leverage the model factors and aim to make a resource-optimized, dynamic, general risk control business model for cloud service providers.

• Journal of Information Processing Systems
• /
• 제10권1호
• /
• pp.132-144
• /
• 2014

Information always comes with security and risk problems. There is the saying that, "The tall tree catches much wind," and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through critical success factors, from a business perspective. We then integrated these critical success factors into a business model for information security by mapping out 10 principles related to cloud risks. Thus, we were able to figure out which aspects should be given more consideration in the actual transactions of cloud services, and were able to make a business-level and general-risk control model for cloud computing.

• Journal of Information Processing Systems
• /
• 제12권2호
• /
• pp.226-233
• /
• 2016

Cloud computing is a distributed computing model that has lot of drawbacks and faces difficulties. Many new innovative and emerging techniques take advantage of its features. In this paper, we explore the security threats to and Risk Assessments for cloud computing, attack mitigation frameworks, and the risk-based dynamic access control for cloud computing. Common security threats to cloud computing have been explored and these threats are addressed through acceptable measures via governance and effective risk management using a tailored Security Risk Approach. Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breaches at a minimal cost. In our study, we propose an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments.

• 산업경영시스템학회지
• /
• 제35권3호
• /
• pp.70-76
• /
• 2012

This research tested how the perceived risk and the trust affect the usage intention of the cloud computing. To this end, this research setups a research model and tests it with the statistic tools. In order to build the model, TAM (Technology Acceptance Model) and UTAUT (Unified Theory of Acceptance and Use of Technology) were employed and, the factors such as the perceived risk, the trust and the intention of the cloud computing use were derived. This research finds that the perceived risk does not affect the intention of usage. Also the perceived risk has the negative effect for the trust. Thus this research has the following suggestions.

• Journal of Platform Technology
• /
• 제9권2호
• /
• pp.10-25
• /
• 2021

정보보안에 있어서 온-프레미스의 환경에서 위험분석평가에 대한 많은 연구가 진행되었지만, 클라우드컴퓨팅 시스템에 대한 위험분석평가의 효과적인 방법론에 대한 연구는 많이 부족한 실정이다. 2015년 클라우드컴퓨팅 발전법이 제정되어 클라우드컴퓨팅 도입 촉진 계기가 되었다, 그러나 클라우드컴퓨팅 시스템의 보안사고 증가 등의 이유로 활성화가 미진한 상황이다. 또한, 클라우드컴퓨팅 시스템을 도입하려는 관련 담당자의 클라우드컴퓨팅 시스템 기술 이해의 어려움 때문에 적극적으로 도입이 이루어지고 있지 않은 상황이다. 이에 관하여 이 연구는 클라우드컴퓨팅 시스템이 가진 특성과 개념, 그리고 모델을 살펴보고 이러한 특성이 위험분석평가에 어떻게 영향을 미치는지를 분석하여 효과적인 위험분석평가 방법을 제시하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권1호
• /
• pp.406-434
• /
• 2019

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

• 경영정보학연구
• /
• 제17권1호
• /
• pp.117-140
• /
• 2015

클라우드 서비스는 10대 IT 전략기술 트렌드로 주목받고 있지만 국내 중소기업의 경우 대부분 비용 제약의 문제로 보안 위험이 높은 퍼블릭 클라우드를 사용하고 대기업에 비해 클라우드 서비스에 대한 이해도가 낮으며 도입률 또한 저조한 편이다. 한편 IT 프로젝트에서의 불확실성을 헷징하기 위한 방편으로 실물옵션 전략이 주목을 받고 있는데 본 연구에서는 클라우드 서비스의 기술적, 안전성, 관계적, 경제적 위험요소 간의 인과관계를 밝히고 경제적 위험이 실물옵션 채택의도에 어떠한 영향을 주는지에 관한 연구를 실시하였다. 본 연구는 전문업체에 의뢰하여 클라우드 서비스를 사용하고 있는 수도권 내 중소기업을 대상으로 설문조사를 실시하였다. 총 287부를 120개의 기업별로 평균을 내어 조직수준에서 분석을 하였으며 통계적 분석에는 Smart PLS Version 2.0.M3과 SPSS Statistics18을 활용하였다. 연구결과에 의하면 클라우드 서비스의 기술적 위험은 안전성 위험에 유의한 정(+)의 영향을 미쳤고 클라우드 서비스의 관계적 위험은 경제적 위험에 유의한 정(+)의 영향을 미쳤다. 그리고 클라우드 서비스의 안전성 위험은 경제적 위험에 유의한 정(+)의 영향을 미쳤고 경제적 위험은 연기옵션과 포기옵션 채택의도에 유의한 정(+)의 영향을 미쳤다. 본 연구는 클라우드 서비스를 사용함으로써 겪을 수 있는 여러 위험 요인을 세분화하고 위험 요인과 실물옵션간의 관계를 명확히 밝힘으로써 클라우드 서비스 계약 시에 실물옵션을 적용할 수 있는 이론적인 바탕이 될 수 있게 하였다. 실무적으로는 클라우드 서비스를 사용함에 있어 발생할 수 있는 여러 위험들을 효과적으로 관리하고 통제하기 위하여 클라우드 서비스 계약 시 이들 위험들을 관리할 수 있는 실물옵션을 계약사항에 제시함으로써 사용자와 공급자 모두에게 도움이 될 수 있는 전략을 세울 수 있다는 데에 의의가 있다.

• Journal of Information Technology Applications and Management
• /
• 제24권4호
• /
• pp.117-131
• /
• 2017

We question whether Korean IT managers consider real options to reduce risks of cloud service implementation. This work investigates the impact of technology risk, relationship risk, economy risk, security risk upon the intention of IT managers to utilize abandon & expansion options. We also analyze moderation effect of centralization level of decision making between these risks and the utilization of real options. Using the survey questionnaire, we empirically find that technology risk, relationship risk and security risk have significant effect upon abandon option and technology risk, relationship risk, and economy upon expansion option. We also find the evidence that centralization level moderates some risks and the direction of moderation effect is to offset the effect of risks on intention to utilize real options.

• 정보보호학회논문지
• /
• 제28권1호
• /
• pp.229-239
• /
• 2018

본 논문은 기존의 CCTV가 가진 문제점을 분석하고, 클라우드 컴퓨팅 환경에서의 IP-CCTV를 사용할 때, 보안문제점에 대하여 논한다. 클라우드 서비스 제공과 관련된 보안 위험을 단순히 위험 현상만 제거하는 실수를 줄이기 위해서는 위험 분석과 조치에 대한 효과적인 수행 방법이 필요하다. 이에 따라, Threat Risk Modeling의 STRIDE 모델을 통하여 위협 분석을 하고, 위협 분석된 내용을 토대로 Analytic Hierarchy Process(AHP) 방법론을 사용하여 위험 우선순위를 측정하였으며, 우선순위에 대한 적절한 해결방법이 무엇인지를 분석하였다.