• 한국재난정보학회 논문집
• /
• 제15권3호
• /
• pp.367-379
• /
• 2019

연구목적: 본 연구는 기후변화에 따른 재난의 특성을 분석하여 기후위험에 대비하기 위한 관리체계를 제시함을 목적으로 한다. 연구방법: 최근 국내외 자연재난으로 인한 피해의 추이를 분석하고 기후변화에 따른 재난의 특성을 파악함으로써 기후위험을 위한 관리체계를 설계한다. 연구결과: 기후변화에 따른 위험의 불확실성과 다양한 규모의 재난을 고려할 때, 위험의 평가에서부터 목표 설정, 계획 수립, 모니터링 및 평가, 학습과 조정 등의 핵심과정을 포함하는 포괄적 기후위험 관리체계가 요구되며, 이는 이해관계자 참여를 바탕으로 지속적으로 반복되는 체계를 의미한다. 결론: 본 연구에서 제시한 포괄적 기후위험 관리체계를 효과적으로 추진하기 위해 시범사업을 통해 관리체계를 수정 및 보완하고, 필요한 제도적 여건을 마련해야 한다.

• 디지털융복합연구
• /
• 제17권1호
• /
• pp.141-148
• /
• 2019

디지털 기술의 발전으로 지능화 및 융합화가 가속화됨에 따라, 비즈니스 모델 및 인프라, 기술 등 여러 측면에서 기존 방식을 초월한 변화가 요구되고 있다. 변화된 비즈니스 환경에서는 다양한 보안 위험이 점증하고 있으며, 보안 위험관리의 중요성이 더욱 커지고 있다. 기존의 정보자산 기반의 위험관리에서 벗어나 비즈니스 중심의 위험관리가 대두되고 있는 시점에서 이를 위해서는 비즈니스 목표 달성을 위한 위험성향(Risk Appetite)을 파악하는 것이 필수적이며, 이는 추후 프로세스에서 발생하는 제반 의사결정 과정에 있어 판단 기준을 제공한다. 따라서 본 논문에서는 기존 위험성향 선행연구 분석 및 보호동기이론을 분석하여, 보안 위험성향 수준을 파악할 수 있는 프레임워크를 개발하였다. 또한 개발된 위험성향 프레임워크의 실무적 타당성을 검토하기 위해, 보안 위험관리 실무 전문가들로 구성된 자문위원회를 통해 적용가능성과 중요성을 검토하였다. 검토 결과, 재무, 운영, 기술, 평판, 컴플라이언스, 문화 6개의 보안 위험성향 고려 위험분야와 인지된 심각성, 인지된 취약성, 자기효능감, 반응효능감 4개의 요인이 보안 위험성향 측정을 위한 프레임워크 구성요소로서 타당한 것으로 검토되었다.

• International Journal of Quality Innovation
• /
• 제10권2호
• /
• pp.1-17
• /
• 2009

This paper presents a theoretical research framework that was used to analyse operational risk management (ORM) system practices in Australia. It provides a new perspective on how to use national and international operational management system standards as a basis for systematic management of operational risks. Based on the extensive literature review and the analysis of operational risk management system practices that are common in Australian organisations, this paper identifies the critical factors for effective use of an ORM system. The proposed framework could also be used as a model to research ORM system applications in other countries.

• 해양환경안전학회지
• /
• 제21권3호
• /
• pp.283-289
• /
• 2015

This paper provides a study on the application and proposals of safety culture, new public management and social amplification of risk framework via ship accidents in Korea. This document analyzes what are the concept of safety culture, new public management as well as social amplification and risk framework and describes how 3 issues act, harmonize, interrelate through M/V Sewol accident. Korean government is needed to apply social amplification of risk framework to the in order to promote the safety culture in the maritime administration. Hence, this paper proposes safety framework in order to prevent and resolve future unexpected accident especially for maritime field.

• The Journal of Asian Finance, Economics and Business
• /
• 제5권3호
• /
• pp.185-193
• /
• 2018

This paper aims to explore the risk governance framework and socially viable solutions, attempting to provide guidance for the decision making process. The key idea of this study start with overcoming the limitations of IRGC risk governance framework, which mainly focuses on a comprehensive framework for risk governance. This article has employed SWOT analysis as a methodology, which is a strategic planning technique used to help identifying the strengths, weaknesses, opportunities, and threats related to business competition or risk management. In this paper, socially viable solutions as an alternative plan place emphasis on the adoption of concern assessment through a concerns table. It is also proposed that scoping has to get introduced, with SWOT analysis in the process. The results of this paper support that multiple stakeholders have to participate in the process of identifying and framing risk and communicating with each other, considering the context. It should be noted that communities can become involved and take important parts in decision making process in various ways. It is recommended that engaging stakeholders to both risk assessment and risk management is material to dealing with risk in a socially viable way. It also implies that the community-based disaster management should be better prepared for the decision making process in socially viable solutions.

• 기록학연구
• /
• 제27호
• /
• pp.119-168
• /
• 2011

국가기록원을 포함한 우리나라 정부 공공영역의 기록관리 기관들이 공통으로 갖고 있는 전자기록의 장기보존이라는 업무목표를 달성하기 위해 점검체계로서 위험관리기법을 제시한다. 위험관리기법의 역사와 핵심 개념을 살펴보고, 위험평가에 기반한 자가 점검체계로 개발된 DRAMBORA의 구조와 내용을 살펴본 후, 이를 응용하여 우리나라 정부 공공영역의 기록관리기관이 전자기록 장기보존 업무를 대상으로 위험관리 체계를 만들어 가는 절차와 방법을 제안한다. 기록관리 기관의 업무배경을 정의하는 절차와 방법, 업무를 정의하고 위험요소를 도출하는 절차와 방법, 위험을 평가하는 절차와 방법과 고려사항 등을 DRAMBORA를 응용하여 제시하고 있다. 위험관리기법은 모든 업무영역에서 응용이 가능한 업무품질 향상기법이라 할 수 있으며 DRAMBORA는 전자기록관리 업무를 수행하는 기관이 참조할 만한 업무 점검 프레임워크를 제시하고 있다. 전자기록을 관리하는 기관들이 스스로의 업무 영역과 활동을 정의하고, 업무 영역별 전자기록의 품질 목표를 정의할 수 있다면 이를 기반으로 DRAMBORA의 프레임워크를 응용하여 보다 용이하게 위험관리 기법을 적용할 수 있다.

• 국제학술발표논문집
• /
• The 2th International Conference on Construction Engineering and Project Management
• /
• pp.729-738
• /
• 2007

The Public Private Partnership/Private Finance Initiative (PPP/PFI) schemes have made the private sector become a major participant involved in the development of infrastructure systems along with the government. Due to more integrated efforts among project participants and longer concession period, PPP/PFI projects are inherently more complex and risky. It is therefore very important to proactively manage the risks involved throughout the project life cycle. Conventional risk management strategies sometimes ignore managerial flexibility in the planning and execution process. This paper starts with a revised risk management framework which incorporates the real option concept. Following the presentation of the framework, a new risk classification is proposed which leads to different ways of structuring options in a project according to the stage of the project life cycle. Finally, the paper closes by discussing other issues concerning option modeling and negotiation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권1호
• /
• pp.406-434
• /
• 2019

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

• Industrial Engineering and Management Systems
• /
• 제13권2호
• /
• pp.203-209
• /
• 2014

This research designed and implemented a supply chain risk management platform and applied it to a case study of reduced-fat Lanna pork sausage as a new product development project. The proposed framework has three stages: risk identification, risk assessment, and risk mitigation. Seventeen risk agents with 17 risk events were identified based on SWOT analysis and the Porter Five Forces concept through the process of planning, sourcing, making and delivering, partially captured from the supply chain operations reference model in the first stage. In the second stage, an house of risk (HOR) framework was applied to present the impacts of each risk agent. In the third stage, eight risk agents with high impact were selected to design 21 preventive actions. Finally, three preventive actions with the highest effectiveness to difficulty ratio scores-'sales evaluation of familiar products', 'increasing distribution channels and promotions to improve sales', and 'work flow improvement for work safety'-were then recommended for this new product development.

• International Journal of Computer Science & Network Security
• /
• 제24권5호
• /
• pp.73-78
• /
• 2024

COVID-19 pandemic outbreak increased the use of Internet of Medical Things (IoMT), but the existing IoMT solutions are not free from attacks. This paper proposes a secure and resilient framework for IoMT, it computes the risk using Risk Impact Parameters (RIP) and Risk is also calculated based upon the Threat Events in the Internet of Medical Things (IoMT). UICC (Universal Integrated Circuit Card) and TPM (Trusted Platform Module) are used to ensure security in IoMT. PILAR Risk Management Tool is used to perform qualitative and quantitative risk analysis. It is designed to support the risk management process along long periods, providing incremental analysis as the safeguards improve.