Compliance risk assessment measures of financial information security using system dynamics

Ae Chan Kim, Su Mi Lee, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

14 Citations (Scopus)


In this paper, we analyze relationships between EFT (Electronic Financial Transaction) Act of Korea and risk assessment standards and propose the map that helps financial institutions determine the priority of security control areas. It is a new method for financial information security risk identification and assessment through correlation analysis between the variety security standards and requirements. We attempt to integrate different information security standards and propose risk assessment measures specializing in financial companies based on the mixed methods of quantitative and qualitative methods to determine the priority through the calculation of weights. From the results of correlation analysis, three main security control areas are found to be more important than other areas and it can be utilized as a risk management measure about security countermeasures. In addition, financial companies should improve three main security control areas in an interval of at least 10 months. We expect that our result can be provided to security manager and IT auditor for establishment of risk mitigation strategies as basic data.

Original languageEnglish
Pages (from-to)191-200
Number of pages10
JournalInternational Journal of Security and its Applications
Issue number4
Publication statusPublished - 2012


  • Financial information security
  • Risk assessment
  • System dynamics

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Compliance risk assessment measures of financial information security using system dynamics'. Together they form a unique fingerprint.

Cite this