Publication year: [2014]
Paper information |
|
Paper title (Korean) |
[Vol.9, No.3] IT GRC-based IT security internal control system |
|
Authors |
Young-Rok Yu, Seong-Chae Seo, Sang-Joon Lee, Byung-Ki Kim |
|
Abstract |
In this thesis, a novel IT security internal control system is proposed to guarantee enterprise-wide internal control that accommodates administrative, technical and physical internal control enforcement plans. First, from the perspective of governance, the proposed system comprehensively manages IT security processes, which are composed of information security processes, privacy processes and security service processes. Second, from the perspective of risk management, it integrates IT-related logs based on Big Data to comprehensively monitor information security control breaches and information leakage anomalies, monitors Key Risk Indicators (KRIs) for information security threat scenarios, and analyses, raises alarms on and responds to the monitoring results. Lastly, from the perspective of compliance, it integrates and manages laws and regulations related to IT security and provides an automated and integrated IT security internal control environment to system managers. A case of system installation in a financial company shows the proposed scheme to be an automatic and efficient way to offer the IT security internal control environment. |