• The KIPS Transactions:PartD
• /
• v.14D no.6
• /
• pp.689-700
• /
• 2007

Organizations and customers lose if business activities we discontinued by an incident of information systems under the current business environment because they pursue real time enterprise and on demand enterprise. The loss includes the intangible decline in brand image, customer separation, and the tangible loss such as decrease in business profits. Thus. it is necessary to have preparedness in advance and mitigation for minimization of a loss due to the business discontinuity and information system's operational risks. This paper suggests the mitigation model for minimizing the incidents of disk unit in information system's operational risks. The model will be represented by a network model which is composed of the three items as following: (1) causes, attributes, indicators of an operational risk, (2) a periodic time through an analysis of historical data, (3) an index or a regulation related to the examination of causes of an operational risk.

• Korean Journal of Computational Design and Engineering
• /
• v.11 no.5
• /
• pp.327-334
• /
• 2006

Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

• Journal of Information Technology Applications and Management
• /
• v.14 no.3
• /
• pp.95-113
• /
• 2007

To minimize IT operational risks and the opportunity cost for lost business hours. it is necessary to have preparedness in advance and mitigation activities for minimization of a loss due to the business discontinuity. There are few cases that banks have a policy on systematic management, system recovery and protection activities against system failure. and most developers and system administrators response based on their experience and the instinct. This article focuses on the mitigation model development for minimizing the incidents of disk unit in IT operational risks. The model will be represented by a network model which is composed of the three items as following: (1) the risk factors(causes, attributes and indicators) of IT operational risk. (2) a periodic time interval through an analysis of historical data. (3) an index or an operational regulations related to the examination of causes of an operational risk. This article will be helpful when enterprise needs to hierarchically analyze risk factors from various fields of IT(information security, information telecommunication, web application servers and so on) and develop a mitigation model. and it will also contribute to the reduction of operational risks on information systems.