DOI: 10.1145/2781562.2781607
research-article

A Study on the Information Technology Security Review Process in Finance

Published: 03 August 2015

Abstract

Ideally, an IT security review would be applied to every system development project. In practice this is almost impossible because of cost. In this paper, we classify systems by characteristics such as the data they handle and the size of the investment. This classification can serve as a standard for deciding where to apply IT security review. Although security functions and requirements should be reviewed from the analysis and design level, this step is skipped in most system development projects. For important systems, this security review has been compulsory in the Korean financial sector. In particular, the Financial Supervisory Service in Korea announced that all financial companies must carry out an IT security review whenever they develop an IT system, on the basis of the compliance regulation named 'Electronic finance supervisory rule'. Is it necessary to apply a strong review process to every IT system? In this paper, we present a standard for answering that question. To do so, we classified IT systems into 4 models and defined a review process. This standard can be used to decide whether a given system development project should undergo the strong security review. This work is expected to help other financial companies decide whether their IT security review process should be strong or not. Applying the strong security review only to important system development projects can save cost.

Cited By

  • (2022) Improving the economic basis for advanced training of teaching staff. Management of Education. DOI: 10.25726/i2268-1978-0119-m(107-113). Online publication date: 15-Jun-2022

Published In

ACM Other conferences
ICEC '15: Proceedings of the 17th International Conference on Electronic Commerce 2015
August 2015
268 pages
ISBN: 9781450334617
DOI: 10.1145/2781562
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

  • KRF: Korea Research Foundation

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Analysis-design level
  2. Cost effective decision making in IT security review
  3. Electronic finance
  4. IT security
  5. Security review
  6. System development process

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICEC '15

Acceptance Rates

ICEC '15 Paper Acceptance Rate 39 of 55 submissions, 71%;
Overall Acceptance Rate 150 of 244 submissions, 61%
