A Study on Internal User Access Control Method Using Multiple Factors for Safe Financial Information System
International Journal of u- and e- Service, Science and Technology
Financial information systems operated by financial institutions are based on various customers' information. If leaked for illegal and vicious purposes, financial information can bring a lot of damages, including financial damages. Therefore, continuous demands on IT compliance related to financial information systems have risen as financial policy institutions suggest integrated plans for improvement on clarity of financial information service and reinforcement on safety of information
... information systems operation. In order to meet such demands, financial institutions invested efforts and capital to prevent illegal leaks of financial information outside of barriers, however, it happens that not only do information leaks caused by external factors, but also ones caused by internal information system users occur quite frequently. Therefore, financial information systems must be operated and managed by authorized internal users. For that, this study analyzes various authentication technologies and compliances as advanced research then suggests a new authentication model for financial information system users. Through this model, we expect that the system will be able to secure safety in operation and management of financial information system hence, to deal with illegal leaks of financial information. 52 Copyright ⓒ 2015 SERSC secured through 7 stages of user-terminal (PC)-tracking monitoring system-OTP system-firewall-access information system and server security system. Also, when user performs an important function which weighs influence on systems such as system shutdown after access to financial information system, it is designed and realized for the safety of system operation, through 17 stages of userterminal (PC)-tracking monitoring system-OTP system-firewall-access information system and server security system-password management system-access target system-server security system-important work commands input-tracking monitoring system-OTP system-tracking monitoring system-access target information systemserver security system-important work command execution.