IT GRC-based IT security internal control system (IT GRC 기반의 IT 보안 내부통제시스템)

유영록; Seongchae Seo (서성채); Lee Sang Joon (이상준); 김병기

IT GRC-based IT security internal control system

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2014, 9(3), pp.369-378
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Published : June 30, 2014

유영록 ¹, Seongchae Seo ², Lee Sang Joon ², 김병기 ²

¹씨에이에스
²전남대학교

Accredited

ABSTRACT

In this thesis, a novel IT security internal control system is proposed in order to guarantee the enterprise-wide perspective internal control which accommodates administrative, technical and physical internal control enforcement plan. Firstly, the proposed IT security internal control system synthetically manages IT security processes which are composed of information security processes, privacy processes and security service processes from the perspective of governance. Secondly, it integrates IT related logs based on Big Data to synthetically monitor information security control breach and information leakage anomaly, monitors Key Risk Indicator (KRI) for the information security threat scenario, analyses, alarms and reponses results of monitoring them from the perspective of the risk management. Lastly, it integrates and manages law and regulations related to IT security from the perspective of compliance and provides the automated and integrated IT security internal control environments to the system managers. The proposed thesis proves to be an automatical and efficient scheme to offer the IT security internal control environments through the case of a system installation in a financial company.

KEYWORDS

IT GRC, IT Internal Controls, Securities, Monitoring, IT Risks, IT Compliance

Citation status

* References for papers published after 2023 are currently being built.

[report] S. H. Hong / 2011 / Strategies for strengthening of IT internal control over financial / Financial Security Agency

[confproc] N. Racz / 2010 / A process model for integrated it governance, risk, and compliance management / Proceedings of the Ninth Baltic Conference on Databases and Information Systems (DB&IS 2010) : 155~170

[other] Electronic Publication / 2009 / The GRC technology puzzle: Getting all the pieces to fit

[journal] M. Rasmussen / 2007 / Hand in Hand / Business Trends Quarterly 2(2) : 44~46

[web] / onic Publication: Cobit 5.0 / http://www.isaca.org/Knowledge-Center/cobit/Pages/Overview.aspx

[other] D. H. Kim / 2013 / Big data environments, evolving intelligent log management platform security information / event management (SIEM) trends / NIPA weekly technology trends

[journal] J. H. Kim / 2013 / Cyber security technology trends using Big Data / Electronics and Telecommunications Trends / ETRI 28(3)

[report] Y. T. Kim / 2011 / Information security and privacy management framework introduction / Institute of Financial Security

[thesis] Y. G. Chae / 2014 / A study on the PIMS based methodology for monitoring to prevent leakage of personal information in the banking industry / 석사 / Dongguk University School of International and Information

[book] K. S. Kim / 2012 / Financial IT Security Compliance Guide / Financial Security Agency

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89