Yuan-sheng Zhong,De-ren Chen,Min-hua Shi

DOI: https://doi.org/10.1007/bf03396428

2002-01-01

Journal of Zhejiang University SCIENCE A

Abstract:In view of the risk of E-commerce and the response of the insurance industry to it, this paper is aimed at one important point of insurance, that is, estimation of financial loss ratio, which is one of the most difficult problems facing the E-insurance industry. This paper proposes a quantitative analyzing model for estimating E-insurance financial loss ratio. The model is based on gross income per enterprise and CSI/FBI computer crime and security survey. The analysis results presented are reasonable and valuable for both insurer and the insured and thus can be accepted by both of them. What we must point out is that according to our assumption, the financial loss ratio varied very little, 0.233% in 1999 and 0.236% in 2000 although there was much variation in the main data of the CSI/FBI survey.

Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ISECS.2008.147

2008-01-01

Abstract:The purpose of this paper is to resolve information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition can not be satisfied, the regulation of penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

Min-Jeong Kim,Namgil Heo,Jinho Yoo

DOI: https://doi.org/10.13089/jkiisc.2016.26.1.275

2016-02-29

Journal of the Korea Institute of Information Security and Cryptology

Abstract:Currently Internet and IT infrastructure of Korea has maintained the world's highest levels. But in another aspect, security incident, especially personal information breaches occur frequently. As personal information leakage happened, the companies will be negatively affected. And to prevent this, they have implemented to use a variety of security solutions from information security vendors. Therefore we set up hypotheses that the companies experienced personal information leakage as well as information security companies providing security solutions will be affected by the leakages. So this paper verify hypotheses about the impact of the value of information security companies, through analysing stock price fluctuation of the companies. We found that the stock price of information security companies has increased as personal information leakage happened. And differences according to leakage volumes and types of business are not statistically significant. But there are significant differences according to business classification of information security companies.

Kholekile L. Gwebu,Jing Wang,Wenjuan Xie

2014-01-01

Abstract:To estimate the cost of a data breach to the inflicted firm, this study examines the relationship between a breach incident and changes in the inflicted firm’s profitability, perceived risk, and the inflicted firms’ information environment transparency. Profitability is measured as reported earnings and analysts’ earnings forecasts. Perceived risk is measured as reported stock return volatility and dispersion among analysts’ forecasts. Although a number of studies have investigated the stock market reaction surrounding the disclosure of a breach incident to quantify the cost associated with breaches, we argue that there exists information uncertainty and deficiency in the disclosure of the breach incident and stock market reaction surrounding a security breach announcement date may not be the best measure for the cost of security breaches. And research using other complementary measures is warranted. Our preliminary finding suggests that data breaches negatively impact firm profitability, perceived risk and information transparency. Nevertheless, the damage of a breach most likely stems from direct costs such as compensation and litigation costs rather than indirect costs such as tarnished reputation and a decrease in market share and sales. More sophisticated analysts are also found to add value in estimating the real cost of a security breach.

Hyoung-Gyu Kim,Min-Ho Kim,Jung-Sook Kwon,Yong-Lak Choi

DOI: https://doi.org/10.9716/kits.2014.13.2.163

2014-06-30

Journal of the Korea society of IT services

Abstract:Personal information has been stolen continuously and it is also affected from development of the Internet. So the government requires that companies spend more effort for protecting customers' personal information. The OLAP server also should meet this requirement, but it is hard to satisfy for the authority management. The OLAP server must use personal information to extract required information from database. This thesis suggests a model of separating between general information and personal information, so this model can help to minimize the leakage of personal information. The model is implemented and tested as a prototype. This prototype can prove that the new model is better than the original one. This study presents that the authority management on the separation between personal information and general information helps protect the personal information of customers.

Sung-Hwan Kim,Nam-Uk Kim,Tai-Myoung Chung

DOI: https://doi.org/10.1108/k-05-2014-0106

IF: 2.352

2015-01-12

Kybernetes

Abstract:Purpose – The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model. Design/methodology/approach – Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014. Findings – The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems. Originality/value – The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.

computer science, cybernetics

Myeong-soo Jeong,Kyung-ho Lee

DOI: https://doi.org/10.13089/jkiisc.2015.25.3.691

2015-06-30

Journal of the Korea Institute of Information Security and Cryptology

Abstract:Recently, with the growing number of services using personal information, government offices' tasks have become more dependent to personal information. Various policies and systems have been made and managed for the safe use of personal information in the circumstances that inevitably require the use of personal information, but the personal information privacy incidents and their scale are on a constant increase. Thus, Korea has been implementing personal information protection management system since 2008 to examine whether public organizations observe the personal information protection act and to how well they manage the personal information, and to improve what is insufficient in the process. However, despite high scores of the outcomes of the system, questions about the effectiveness of the outcomes and about the actual manage level are being raised. Thus, this study seeks to analyze public organizations' activities to protect personal information and the effectiveness of their foundation efforts for them by using the DEA model, and to propose a new model to enhance the effectiveness of the outcomes of personal information protection management system by reflecting them into the outcomes of system, using the derived effectiveness.

English Else

Jay Pil Choi,Doh-Shin Jeon,Byung-Cheol Kim

DOI: https://doi.org/10.2139/ssrn.3115049

2018-01-01

SSRN Electronic Journal

Abstract:We provide a theoretical model of privacy in which data collection requires consumers' consent and consumers are fully aware of the consequences of such consent. Nonetheless, excessive collection of personal information arises in the monopoly market equilibrium which results in excessive loss of privacy compared to the social optimum. In a fragmented market with a continuum of firms, no individual website has incentives to collect and monetize users' personal data in the presence of scale economies in data analytics. However, the emergence of data brokerage industry can restore these incentives. Our results have important policy implications for the ongoing debate regarding online privacy protection: excessive loss of privacy emerges even with costless reading and perfect understanding of all privacy policies. We support the view that privacy is a public good and propose alternative policy remedies beyond the current informed-consent approach.

English Else

Xi Chen,Indranil Bose,Alvin Leung,Chenhui Guo

2009-01-01

Abstract:We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks.

Sungjin Park,Jong-in Lim

Abstract:In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

Computer Science,Business

Tamara Dinev,Paul Hart

DOI: https://doi.org/10.1287/isre.1060.0080

IF: 4.9

2006-03-01

Information Systems Research

Abstract:While privacy is a highly cherished value, few would argue with the notion that absolute privacy is unattainable. Individuals make choices in which they surrender a certain degree of privacy in exchange for outcomes that are perceived to be worth the risk of information disclosure. This research attempts to better understand the delicate balance between privacy risk beliefs and confidence and enticement beliefs that influence the intention to provide personal information necessary to conduct transactions on the Internet. A theoretical model that incorporated contrary factors representing elements of a privacy calculus was tested using data gathered from 369 respondents. Structural equations modeling (SEM) using LISREL validated the instrument and the proposed model. The results suggest that although Internet privacy concerns inhibit e-commerce transactions, the cumulative influence of Internet trust and personal Internet interest are important factors that can outweigh privacy risk perceptions in the decision to disclose personal information when an individual uses the Internet. These findings provide empirical support for an extended privacy calculus model.

information science & library science,management

Da-Wei Wang,Churn-Jung Liau,Tsan-sheng Hsu,Jeremy K.-P. Chen

DOI: https://doi.org/10.1016/j.ijar.2006.04.002

IF: 4.452

2006-10-01

International Journal of Approximate Reasoning

Abstract:We assume that a database of personal information comprises records of individuals that contain confidential or sensitive fields. Queries about the distribution of a sensitive field within a selected population in the database can be submitted to the data center. However, the answers to the queries may leak confidential information about some individuals, even though no identification information is provided. Inspired by decision theory, we present two quantitative models for privacy protection in such a database query or linkage environment. One models the value of information from the viewpoint of the querier, while the other models the damage caused by and compensation for privacy leakage.In both models, we define the information state by a class of probability distributions on a set of possible confidential values. These states can be modified and refined by the user’s knowledge acquisition behavior. In the first model, the value of information is defined as the expected gain of the querier, and privacy is protected by imposing costs on the answers to the queries to balance any potential gain. In the second model, the safety of information is guaranteed by ensuring that anyone misusing private information must pay more compensation than the value of the possible gain.

computer science, artificial intelligence

Jaeung Lee,Melchor C. de Guzman,Jingguo Wang,Manish Gupta,H. Raghav Rao

DOI: https://doi.org/10.1016/j.cose.2022.102832

IF: 5.105

2022-01-01

Computers & Security

Abstract:Data breaches in financial institutions could produce extensive damage to an organization's operations. Therefore, it is critical for organizations to identify and assess threats in their operational environment to be able to implement prevention and mitigation strategies. Applying Routine Activity Theory (RAT), this paper develops a risk assessment model using employees’ perceptions of risks relative to potential breaches of sensitive data in their organizations. This paper empirically examines the roles of motivated offenders, suitable targets, and the influences of capable guardianship within the organization. Analyses of surveyed employees show that perceptions of value (using a multi-dimensional perspective), inertia, and accessibility of targeted sensitive data along with presence of guardians have an impact on assessment of risk about data breaches in financial institutions. The paper also extends RAT to account for the amount of information (both online and offline) available regarding the data influence the relationship between value of the sensitive data and suitability for data breach. Theoretical and practical implications are discussed.

Jingguo Wang,Aby Chaudhury,H. Raghav Rao

DOI: https://doi.org/10.1287/isre.1070.0143

IF: 4.9

2008-01-01

Information Systems Research

Abstract:Information security investment has been getting increasing attention in recent years. Various methods have been proposed to determine the effective level of security investment. However, traditional expected value methods (such as annual loss expectancy) cannot fully characterize the information security risk confronted by organizations, considering some extremal yet perhaps relatively rare cases in which a security failure may be critical and cause high losses. In this research note we introduce the concept of value-at-risk to measure the risk of daily losses an organization faces due to security exploits and use extreme value analysis to quantitatively estimate the value at risk. We collect a set of internal daily activity data from a large financial institution in the northeast United States and then simulate its daily losses with information based on data snapshots and interviews with security managers at the institution. We illustrate our methods using these simulated daily losses. With this approach, decision makers can make a proper investment choice based on their own risk preference instead of pursuing a solution that minimizes only the expected cost.

Euiho Suh,Seungjae Lim,Hyunseok Hwang,Suyeon Kim

DOI: https://doi.org/10.1016/j.eswa.2004.01.008

IF: 8.5

2004-08-01

Expert Systems with Applications

Abstract:The rapid growth of e-commerce has provided both an opportunity to create new values in the online marketplace and dramatic competition to survive. To survive in a competitive environment, Internet shopping malls attempt to adopt and use Customer Relationship Management. However, previous researches focused on navigation patterns of customers with membership. Therefore, they failed to apply real time web marketing to anonymous customers who navigate web pages without personal login.To overcome the problems noted above, we propose a methodology for predicting the purchase probability of anonymous customers to support real time web marketing. The proposed methodology is composed of two phases: (1) extracting purchase patterns and (2) predicting purchase probability. Purchase pattern provides marketing implications to web marketers while the purchase probability provides an opportunity for real time web marketing by predicting the purchase probability of an anonymous customer.The proposed methodology can be applied to the real time web marketing such as navigation shortcuts, product recommendations and better customer inducement since anonymous customers are included in marketing target and significant navigation pattern for purchase is identified.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Jongbae Kim

DOI: https://doi.org/10.3390/electronics13193954

IF: 2.9

2024-10-09

Electronics

Abstract:The rapid expansion of non-face-to-face e-commerce services in the Korea has significantly increased the importance of personal identity proofing (PIP) for verifying users in online transactions, such as payments, refunds, membership registrations, and access to age-restricted products. Currently, personal identity proofing agencies (PIPAs) indiscriminately provide all of a user's personal information to internet service providers (ISPs), leading to substantial privacy concerns and preventing users from selectively disclosing only the necessary information. The objective of this paper is to enhance the safety, convenience, and security of PIP services by proposing a method that empowers users to control the personal information they disclose while enabling digital identity integration for both online and offline applications. To achieve this, an extensive overview and analysis of the current PIP systems in Korea is presented, including methods. The strengths and weaknesses of these systems are critically examined, revealing limitations in privacy protection, user convenience, and security. Based on this analysis, a new method is proposed that introduces differentiated levels of PIP means according to authentication strength, allowing for the minimal necessary disclosure of personal information. The proposed method aims to improve the stability and reliability of the PIP service environment by addressing current privacy concerns and enhancing user control over personal information. This approach can be applied to e-commerce services in Korea and other countries facing similar challenges, contributing to the development of safer and more reliable online services.

engineering, electrical & electronic,computer science, information systems,physics, applied

Tao Zhang,Kun Zhao,Ming Yang,Tilei Gao,Wanyu Xie

DOI: https://doi.org/10.1155/2020/8888296

2020-07-07

Wireless Communications and Mobile Computing

Abstract:To obtain precise personalized services in mobile commerce, the users have to disclose their personal information to the operator, which constitutes a potential threat to their privacy security. In this paper, a mobile commerce privacy security risk assessment model is established based on information entropy and Markov chain, and effective security risk measurement, and assessment method is put forward. Our method can provide accurate and quantitative results in assessing privacy disclosure risk to guide the users’ selection of safe mobile commerce applications and protect their privacy security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jae Kwon Bae,Gwang Heon Hong,

DOI: https://doi.org/10.38115/asgba.2023.20.6.133

2023-12-31

The Academic Society of Global Business Administration

Abstract:In the era of digital financial innovation, the importance of financial security is being emphasized day by day as the financial sector expands its use of technologies such as the Internet of Things(IoT), Cloud, BigData, and Artificial Intelligence(AI). Financial security refers to Fintech security and involves establishing and operating an integrated security control system against cyber threats that take advantage of security vulnerabilities resulting from the introduction of innovative technologies, responding to intrusion incidents, and analyzing and assessing vulnerabilities. In particular, security risks are emerging as cloud services are utilized throughout the financial industry, and financial security control and abnormal financial transaction detection are being advanced by applying AI technology. Additionally, in the financial sector, data security and information protection are emerging as very important issues in the era of the MyData platform. As the MyData service expands, where a large number of personal information is concentrated in one place, the threat of personal information infringement due to indiscriminate information collection and service hacking is also increasing. Accordingly, it is necessary to strengthen personal information protection within the MyData service and increase awareness of cyber security and financial security. Against this background, this study first examines changes in the security environment of the financial sector (internal control and abnormal financial transaction detection) and the components of the integrated security control system. Next, we would like to derive security threats to the financial sector such as phishing and smishing using social engineering techniques, authentication information theft, Ransomware, Emotet, Soggolish, BEC, and TOAD. Lastly, in relation to cyber security policies in the financial sector, we would like to discuss countermeasures against Ransomware in the financial sector, plans to build a next-generation financial security control system, MyData information protection and information security, and the applicability of the Zero Trust model in the financial sector.

English Else

Kim Hua Tan,W. P. Wong,Leanne Chung

DOI: https://doi.org/10.1007/s10796-015-9553-6

2015-04-17

Information Systems Frontiers

Abstract:The current world of post industrial value generation sees companies increasingly analyzing their internal operations against their external organizations to identify supply/demand fluctuations along the supply chain. Within these integrated relationships between internal and external parties in the supply chain, knowledge and information have become very important production resources. The existence and success of an increasing number of organizations strongly depend on their capabilities to utilize knowledge and information for profit generation. By managing more efficient information sharing, the volume of company confidential information passing through the supply chain increases, and this brings about more incidences of knowledge leakage and information leakage. A survey by PricewaterhouseCoopers in 2014 shows information security spending over the next 12 months would increase 60.27 % in Asia and 48.98 % in all regions. This emphasizes the importance of information privacy and therefore the necessity to study the information and knowledge leakage in integrated supply chain. The objectives of this study are to investigate the factors triggering information and knowledge leakage and create a mitigation framework to soften the impact of leakages on performance. The above objectives will be met by formulating and examining several hypotheses of a conceptualized information leakage (IL) and knowledge leakage (KL) framework. A case study derived from a structured interview is adopted as a methodology in this research. As a result, this paper contributes a novel theoretical model that characterizes information and knowledge leakage in an integrated supply chain. Therefore, it also adds new knowledge of managing information and knowledge leakage to supply chain management.

computer science, information systems, theory & methods