The Journal of the Convergence on Culture Technology (문화기술의 융합)

The International Promotion Agency of Culture Technology (국제문화기술진흥원)
권호 표지
DOI QR코드

DOI QR Code

A Study on security policy for vitalizing financial company cloud

금융회사 클라우드 활성화를 위한 보안 정책 연구

  • Im, Je-sang (Dept. of Financial Security, Korea University Division of Information Security Graduate School of Information Security)
  • 임제상 (고려대학교 정보보호대학원 금융보안학과)
  • Received : 2017.09.05
  • Accepted : 2017.10.27
  • Published : 2017.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

As cloud computing can utilize the proper allocation of system resources, it can be expected to have great benefits in terms of maintaining availability and reducing costs when a cloud is applied to a financial company's computer system. Although some provisions of the Financial Supervisory Regulation were revised in October 2016, this is limited to non-critical information processing systems, limits are remain whitch the application of cloud computing to the whole computer system of financial companies including electronic financial systems. In this paper, cloud security requirements are studied for the application of financial company's computational infrastructure system.

클라우드 컴퓨팅은 시스템 자원의 적절한 분배 활용이 가능한 만큼 금융회사의전산시스템에 클라우드를 적용할 경우 가용성 유지와 비용절감 측면의 큰 이점을 기대할 수 있다. 2016년 10월 금융감독규정의 일부조항 개정이 있었지만 이는 비중요 정보처리시스템에 국한된 내용으로 전자금융시스템을 포함한 금융회사 전체 전산시스템의 클라우드 적용을 제한하고 있다. 본 논문에서는 금융회사 전산시스템 클라우드 적용을 위한 전산인프라시스템 적용 모델과 클라우드 보안 위협 정의를 통해 클라우드 보안 요구사항을 연구 한다.

Keywords

References

  1. The NIST Definition of Cloud Computing, Sep 2011 https://csrc.nist.gov/publications/detail/sp/800-145/final
  2. Security Guidance for Critical Areas of Focus in Cloud Computing v4.0, July 2017 https://cloudsecurityalliance.org/download/security-guidance-v4/
  3. Sin, Young-Sang. Hypervisor-based virtualization security technology trend in cloud environment. OSIA Standards & Technology Review, 2012.7, 25(2), 22-36
  4. Park, Jun-Hyun; Park, Jae-Seun; Jo, Jeong-Hwan; Jeon, Hwan-Ung; Jeon, Eun-Jeong; Kim, Hak-Bum. Leveraging Hybrid Cloud Technology and Security Trends. Korea Institute Of Information Security And Cryptology, 2016, 26(1), 79-91
  5. Min, Sang-Sig; Sung, Jae-Mo. Cloud computing application model and security technology research in financial sector. Korea Institute Of Information Security And Cryptology, 2011.12, 21(8), 40-45
  6. ITU-T X.1601 Security Framework for cloud computing, Oct 2015 https://www.itu.int/rec/T-REC-X.1601-201510-I/en
  7. Cloud Computing Top Threats in 2016, February 2016 https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/
  8. T. Kittel. "Design and Implementation of a Virtual Machine Introspection based Intrusion detection System." Master Thesis, Technische universitat munchen 2010
  9. Jung, Won-Joon. A Legal Study on Personal Data Protection Issues Caused by Cloud Computing Environment, A journal of Law/DanKook Univ. 2016.03.
  10. Kim, Hyung-Seok; Lee, Jong-Yong; Jung, Kye-Dong, "The Design of Data Hub System for Integration of Group In the Cloud Environment", International journal of advanced smart convergence, Vol 4, Issue 2, 2015, pp. 61-68 DOI: https://doi.org/10.7236/IJASC.2015.4.2.61