Compliance risk assessment measures of financial information security using system dynamics

Ae Chan Kim, Su Mi Lee, Dong Hoon Lee

Research output: Contribution to journalArticle

9 Citations (Scopus)

Abstract

In this paper, we analyze relationships between EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the variety security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security manager and IT auditor for establishment of risk mitigation strategies as basic data.

Original languageEnglish
Pages (from-to)191-200
Number of pages10
JournalInternational Journal of Security and its Applications
Volume6
Issue number4
Publication statusPublished - 2012 Dec 1

Fingerprint

Security of data
Security systems
Risk assessment
Risk management
Industry
Managers
Compliance

Keywords

  • Financial information security
  • Risk assessment
  • System dynamics

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Compliance risk assessment measures of financial information security using system dynamics. / Kim, Ae Chan; Lee, Su Mi; Lee, Dong Hoon.

In: International Journal of Security and its Applications, Vol. 6, No. 4, 01.12.2012, p. 191-200.

Research output: Contribution to journalArticle

Kim, AC, Lee, SM & Lee, DH 2012, 'Compliance risk assessment measures of financial information security using system dynamics', International Journal of Security and its Applications, vol. 6, no. 4, pp. 191-200.
Kim AC, Lee SM, Lee DH. Compliance risk assessment measures of financial information security using system dynamics. International Journal of Security and its Applications. 2012 Dec 1;6(4):191-200.
Kim, Ae Chan ; Lee, Su Mi ; Lee, Dong Hoon. / Compliance risk assessment measures of financial information security using system dynamics. In: International Journal of Security and its Applications. 2012 ; Vol. 6, No. 4. pp. 191-200.
@article{4a418e4aaf9c40219e9c7f382390775c,
title = "Compliance risk assessment measures of financial information security using system dynamics",
abstract = "In this paper, we analyze relationships between EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the variety security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security manager and IT auditor for establishment of risk mitigation strategies as basic data.",
keywords = "Financial information security, Risk assessment, System dynamics",
author = "Kim, {Ae Chan} and Lee, {Su Mi} and Lee, {Dong Hoon}",
year = "2012",
month = "12",
day = "1",
language = "English",
volume = "6",
pages = "191--200",
journal = "International Journal of Security and its Applications",
issn = "1738-9976",
publisher = "Science and Engineering Research Support Society",
number = "4",

}

TY - JOUR

T1 - Compliance risk assessment measures of financial information security using system dynamics

AU - Kim, Ae Chan

AU - Lee, Su Mi

AU - Lee, Dong Hoon

PY - 2012/12/1

Y1 - 2012/12/1

N2 - In this paper, we analyze relationships between EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the variety security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security manager and IT auditor for establishment of risk mitigation strategies as basic data.

AB - In this paper, we analyze relationships between EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the variety security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security manager and IT auditor for establishment of risk mitigation strategies as basic data.

KW - Financial information security

KW - Risk assessment

KW - System dynamics

UR - http://www.scopus.com/inward/record.url?scp=84872844756&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872844756&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84872844756

VL - 6

SP - 191

EP - 200

JO - International Journal of Security and its Applications

JF - International Journal of Security and its Applications

SN - 1738-9976

IS - 4

ER -

Access to Document