KR102008707B1 - Risk management system - Google Patents

Abstract

The present invention relates to a business risk management system, comprising: a user terminal in which a dedicated program for providing a business risk management service through a network is installed; And a server for providing a business risk service as a chart and graphed information to a user in real time through a dedicated program installed in the user terminal.

Description

Business risk management system {RISK MANAGEMENT SYSTEM}

The present invention relates to a work risk management system implemented to provide an accident prevention system that detects risk factors in advance by providing a risk-based and constant monitoring system to track and analyze various internal tasks in real time.

Modern companies need to recognize and manage risks such as accounting and ethical management more than in the past. In particular, effective management of internal risks prior to catastrophic risks can give you confidence that you are achieving your management objectives internally and externally, and external audits can prevent problems in your operations.

For this purpose, computerized systems for efficiently performing internal control have been proposed, but conventional computerized auditing systems have no meaning beyond the computerization of a system managed by paper documents. In particular, the audit and internal control system is not enough to be used as an internal control system to suit the characteristics of the company, and problems that are not easy to use for users who perform audit management and users who use the audit information. have.

Existing auditing method has a problem that when using computerized information as a basis for risk occurrence factor, a lot of manual work is repeatedly generated for processing a large amount of information, which lowers audit efficiency and decreases utilization of processed information.

In addition, the system for performing the conventional audit management has to use a check list or a predetermined manual to confirm the risk, it is difficult to identify the quantitative risk occurrence status, there is a problem that can not be efficiently managed.

On the other hand, the background art described above is technical information possessed by the inventors for the derivation of the present invention or acquired in the derivation process of the present invention, and is not necessarily a publicly known technique disclosed to the general public before the application of the present invention. .

Korean Patent Publication No. 10-2006-0086619

One aspect of the present invention is to establish and functionalize a standardized business process for managing the business risk of the enterprise to provide automation and efficiency of the audit work, and in particular, to provide a risk-based always-on monitoring system to track various internal tasks in real time It provides a business risk management system to establish an accident prevention system that analyzes and analyzes risks in advance.

In addition, by analyzing the audit results of the risk diagnosis management means and the work risk information collected from the outside, it predicts the blank security technology and presents the information that needs to be supplemented and upgraded to inform the system of the blank area of security and the latest security information and reflect it on the system. Provide a means of updating risk information.

In addition, the present invention provides an administrator management module that can assist an administrator to efficiently manage and maintain a device such as a server.

In addition, by using the points given to managers included in the manager list, the manager's capability is evaluated to provide a manager evaluation module that can select a manager more suitable for event resolution of the device in which the event is generated.

In addition, when a new device is introduced to the system, a list update module for updating a manager list previously generated by the manager management module as described above is provided to efficiently perform the new device.

The technical problem of the present invention is not limited to the technical problem mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the following description.

Business risk management system according to an embodiment of the present invention, the user terminal is installed a dedicated program for providing a business risk management service through the network; And a server that provides a user with a charted and graphed information on a business risk service in real time through a dedicated program installed in the user terminal.

In one embodiment, the server, risk autonomous control means for managing risk items for each business scenario inputted from the user terminal; Risk monitoring means for managing risk monitoring information on risk items for each work scenario by using the risk items for each work scenario and standard data pre-built in the server; Risk diagnosis management means for managing the audit results of the risk items for each business scenario by using the risk monitoring information and processing them into charted and graphed information; Risk management means for managing the progress for each business scenario using the risk monitoring information, and executing at least one of progress, stop, vocation, and alarm according to the risk monitoring information; And risk information updating means for analyzing the audit result of the risk diagnosis management means and the work risk information collected from the outside to predict the blank security technology and presenting information that needs to be supplemented and upgraded, wherein the server includes the standard data. A first database for storing the; A second database for storing information on risk items for each business scenario; A third database for storing an analysis result of the risk monitoring information input from the user; And a fourth database for storing the audit result and the follow-up management information of the risk item for each work scenario inputted from the user, wherein the risk diagnosis management means determines an abnormal symptom based on the risk monitoring information, and details. Perform analysis, request the user of the user's terminal for evidence of the abnormal symptoms, notify the detection of the abnormal symptoms from the user terminal user, receive the calling data, and input the user terminal user According to the user's judgment data on the call-out data for the abnormal symptom, at least one audit association scenario item is implemented, and the risk autonomous control means is an interface for inputting the risk item for each work scenario. New for each risk category Risk autonomous control interface unit for providing an information change request module that provides a means for locking the change request information to the user of the terminal to the user terminal; And business process management means for managing risk items for each business scenario inputted from the user terminal through the risk autonomous control interface unit, wherein the risk monitoring means includes risks for each business scenario for risk monitoring to the user terminal. A monitoring interface unit providing a menu for selecting an item; A standard data acquisition unit for obtaining standard data corresponding to the risk item for each work scenario selected from the user terminal through the monitoring interface unit from the server; An abnormal symptom data generation unit for comparing the selected risk item for each business scenario with the standard data and generating abnormal symptom data according to a predetermined abnormal symptom occurrence criteria for the selected risk item for each business scenario; A risk grade generation unit for assigning a risk level to at least one of a detection frequency, a detection time, and a detection frequency of the abnormal symptom data; And a risk analysis unit which obtains information on detailed items for each business scenario from the server and generates charted and graphed information about the selected risk items for each business scenario, wherein the risk diagnosis management means comprises: the risk monitoring information An audit management interface for providing an interface for inputting an analysis result to the user terminal; And providing an interface for inputting thanksgiving discrimination audit results, and including a post-management interface for accumulating and managing input information. The risk information updating means includes audit results of the risk diagnosis management means and work security technology of other companies. An information collection module for collecting technology and trend information on development through Keyword search; After scanning and photographing information of any one of books, documents, photographs, drawings, and various images collected by the information collecting module, transforming the information into digital data, and extracting text data from the digital data, the photographs, drawings, and images A data registration support module for extracting text data by extracting text that can be extracted from photographs, drawings and images using machine learning technology, and storing the extracted text data; A clustering module for clustering the textified digital data using at least one of a text mining technique, a principal component analysis, a silhouette width analysis, and a K-medoids algorithm analysis, and then analyzing and predicting a work security technology in an injured or empty state; In order to secure the validity of the analysis and prediction result of the clustering module, the clustered digital data is divided into learning data and evaluation data based on the generation time, and then validity of the clustered digital data is evaluated using the evaluation data. Evaluation module; The correlation between the risk item for each scenario, the standard data, the audit result of the risk diagnosis management means, and the abnormal symptom data among the results derived through the feasibility assessment module is analyzed and the user is analyzed. An association analysis module for providing the digital data having associations equal to or greater than a numerical value set by the user; And analyzing the causal relationship to the results provided by the correlation analysis module using artificial intelligence, and presenting a decision reason presentation module for explaining a reason why the result is generated. And a building module and a reason explanation interface module, wherein the model building module includes any one of an in-depth explanatory learning module, an interpretable model generation module, and a model induction module. A description is provided to the user, including at least one of language, tables, images, graphs, and formulas, as to what processes and reasons resulted in the final result and what factors or data affected each step. Receive feedback about clarity and utilization from the user, and the server And a backup file decentralization module for protecting various kinds of information. The backup file decentralization module generates information including user information or system information as a backup file from an external attack including hacking or ransomware. The first backup file and the second backup file are sequentially generated and stored in the backup file including the same data, and the first backup file and the second backup file are stored in different locations. The storage location of the secondary backup file and the secondary backup file is changed to a predetermined place on the system or a place designated as a folder or sub folder created according to a random random variable, and the backup file decentralization module detects intrusion from the outside. The sub backup file by successively replicating the primary backup file and the secondary backup file. Generate a plurality of files, and store the generated plurality of sub backup files separately in different locations generated according to the random variable, and the backup file distribution module stores the backup files in a synchronization folder linked with a cloud service. When storing, when the storage of the backup file is completed in the synchronization folder and the stored backup file is uploaded to the cloud, the synchronization with respect to the synchronization folder is released.

delete

According to one aspect of the present invention, it is possible to implement a continuous audit system with enhanced preventive function in the detection-oriented audit system, it is possible to provide an effect capable of immediate response through real-time monitoring.

In addition, it is possible to implement a risk management system that facilitates risk assessment and analysis through multi-dimensional tracking information, and includes all stages of planning, due diligence, and follow-up, such as comprehensive audit, special audit, routine audit, external audit, and own audit. Providing a standardized system can improve the quality of management.

In addition, by analyzing the audit results and the latest information from the inside of the system using the risk information update means, the risk blank area of the system can be secured in advance, and the latest security technology information can be applied to the system.

In addition, under the control of the developer, software components and software may be developed and directly managed, and the software components may be used only in a licensed development system.

And, important information such as user information or system information to be protected from an external attack such as hacking or ransomware can be created and managed as a backup file.

And by enabling reliable decision making between the user and the AI, the user's feedback can be appropriately reflected in the event of a problem or error, and the reason for the result of the result presented by the AI Can't explain the problem clearly, and it can solve the distrust that a user can have in artificial intelligence, and overworking problem that the optimal solution in the region can be selected instead of the optimal solution from the overall perspective. It can prevent it beforehand.

In addition, it assists the administrator to efficiently maintain and maintain devices such as servers, and evaluates the manager's capabilities using points given to the administrators included in the administrator list. The administrator may select a more suitable manager, and when a new device is introduced to the system, the manager list may be updated by the manager management module as described above to efficiently perform the new device.

1 is a view showing a schematic configuration of a business risk management system according to an embodiment of the present invention.
Figure 2 shows a schematic configuration of a server of the business risk management system according to an embodiment of the present invention.
3 illustrates an embodiment of an operation of a business risk management system according to an embodiment of the present invention.
4 illustrates one embodiment of a business risk management system operation in accordance with one embodiment of the present invention.

DETAILED DESCRIPTION The following detailed description of the invention refers to the accompanying drawings that show, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different but need not be mutually exclusive. For example, certain shapes, structures, and characteristics described herein may be embodied in other embodiments without departing from the spirit and scope of the invention in connection with one embodiment. In addition, it is to be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the invention. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present invention, if properly described, is defined only by the appended claims, along with the full range of equivalents to which such claims are entitled. Like reference numerals in the drawings refer to the same or similar functions throughout the several aspects.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the drawings.

1 is a view showing a schematic configuration of a business risk management system according to an embodiment of the present invention.

Referring to FIG. 1, the business risk management system 10 according to an embodiment of the present invention includes a service providing server 100 and a user terminal 200.

The service providing server 100 provides a risk management service to a user through a dedicated program installed in the user terminal 200. The server 100 may include a first database for storing standard data, a second database for storing information on risk items for each business scenario, a third database for storing an analysis result of risk monitoring information input from a user, and an input from the user. It may include a fourth database for storing the audit results and follow-up information of risk items for each business scenario.

In one embodiment, the service providing server 100 may execute or manufacture various software based on an operating system (OS), that is, a system. The operating system is a system program for enabling the software to use the hardware of the device, and the mobile computer operating system such as Android OS, iOS, Windows Mobile OS, Sea OS, Symbian OS, Blackberry OS, Windows, Linux, Unix, It can include any computer operating system, such as MAC, AIX, or HP-UX. The server 100 includes preset standard data for each company business scenario, and the standard data for each business scenario includes, for example, purchase information, material status, financial and accounting information, manufacturing and quality information, sales and marketing information. It may include, but is not limited to.

The user terminal 200 may be provided with a dedicated program for providing a risk management service through the network 300, and executes various services provided from the server 100 through a dedicated program. The user terminal 200 may be divided into an operator terminal 200 for performing detailed tasks and an auditor terminal 200 for auditing the same. The practitioner may input information on the work process, risk items for each work scenario, the basis of the occurrence of risk, and a recurrence prevention plan through the user terminal 200 such as a general computer or a notebook. In addition, the auditor may know the occurrence of the risk from the server 100 through the user terminal 200, and may check the risk occurrence basis and the recurrence prevention plan input by the practitioner.

In one embodiment, the user terminal 200 is a communication capable terminal equipped with a monitor such as a PC, a laptop, a smartphone, a mobile phone, and the like, and receives and installs data provided from the service providing server 100 or provides a service. By accessing a web page provided by the server 100, various types of risk-related information may be checked or risk information of other users may be shared.

The business risk management system 10 having the configuration as described above may further include a network 300. Here, the network 300 includes a wired communication network or a wireless communication network, and connects communication between the user terminal 100 and the service providing server 200 to perform data transmission and reception between each other.

The business risk management system 10 having the above-described configuration can establish a healthy ethical management culture throughout our corporate culture, and can preemptively manage risks that will be a problem for corporate operations. It can be effective.

Figure 2 shows a schematic configuration of a server of the business risk management system according to an embodiment of the present invention.

Referring to FIG. 2, the server 100 performs risk management by the risk autonomous control unit 110 and risk autonomous control unit 110 that derive risk items for each business scenario by performing business process management and risk management. Risk monitoring means 120 for generating risk monitoring information using the risk items and standard data of the server 100, and generates an audit result of risk items for each business scenario using the risk monitoring information, Risk management means 130 for managing the follow-up management information, risk management using the risk monitoring information to manage the progress, risk management means for executing at least one of the progress, stop, call, alarm according to the monitoring information ( 140) and analyze the audit results and risk information collected from the outside of the risk diagnosis management means 130 Risk information updating means 150 for predicting the blank security technology and presenting information that needs to be supplemented and upgraded, and system driving means 160 for driving the entire system.

The risk autonomous control means 110 includes risk autonomous control interface means 111 that provides an input field for risk autonomy control, and risk type determination and work for each business scenario inputted through the risk autonomous control interface means 111. Risk management means 115 for assessing the impact. In addition, the risk autonomous control interface means 111 further comprises a business process management means 113 for the user (executor, auditor) to check the business process, or manage information about the business scenario that the user inputs . The risk autonomous control interface means 111 provides the user with a menu for selecting a work scenario item, a work unit, a risk type classification and confirmation, a change request internal control manual, and the like. Explaining the meaning of 'business scenarios' refers to the division of each business process step by step, for example, in the case of equipment and material management business (purchase request, purchase execution, disposal sale, logistics management, It is divided into import and export customs clearance, material import and export, import inspection, nonconforming goods processing, payment, etc. In the case of the equipment purchase execution unit process, the investment request, investment review, purchase request, purchase request and review, quotation receipt, contract preparation It means to be divided by step. In the present invention, risk items are classified by scenarios. For example, in the purchase contract phase of the purchase execution process of equipment purchase, one of the risk items is a content error in the preparation of the contract, and the risk type is a loss of revenue.

For example, the risk autonomous control interface means 111 determines a risk item through a menu for managing a work process in association with the work process management means 113 and a risk for each work scenario and a risk type and evaluation for the user. It can provide the ability to inquire the data and the related unit process step by step.

In addition, the risk autonomous control unit 110 receives the business process and risk items from the user terminal 200. In the request menu, the request date, requestor, requesting department, request contents, attachments, etc. are provided to configure information to be modified. The user may transmit a change request of a risk item for each business process or work scenario through the menu.

The risk monitoring means 120 includes a monitoring interface means 121 that provides an input field for risk monitoring to a user, and when a risk item for each business scenario is selected through the monitoring interface means 121, Standard data acquisition means 122 for acquiring the standard data corresponding to the risk item for each work scenario selected from the database, and abnormal symptom data according to a predetermined abnormal symptom occurrence criteria based on the risk item for each work scenario and the standard data. Abnormality indication data generating means 123 for generating a; and state information generating means 124 for generating state information on the processing state of the abnormality indication data. In addition, the risk monitoring means 120 generates a visual report of the detailed analysis result for each abnormal symptom data generated, and obtains information on the details of each business scenario required for generating the report from the first database of the server 20 The risk analysis means 125 may further include a risk feedback means 126 for performing a cause analysis request for the monitoring result. The risk monitoring interface unit 121 interlocks with the state information generating unit 124 to show that the state of each data is 'in progress', 'unprocessed' or 'complete'. In addition, an email or a message transmission menu is added to the risk monitoring interface means 121, and when the user selects it, the E-mail or a message is transmitted to the person in charge through the risk feedback means 126, and an audit described later. It is possible to automatically store in the management interface means 131.

The risk diagnosis management means 130 provides an audit management interface means 131 for inputting an analysis result of the risk monitoring information and a report content on the analysis result, and an input field for inputting an on-site verification result and a thanksgiving discrimination audit result. It includes a post-management interface means 133 for accumulating and managing the input information. The post management interface means 133 provides an input field for inputting the thanksgiving discrimination audit result. Here, the information input through the input field is cumulatively managed, and thus, it is possible to check the thanksgiving discrimination audit result step by step. For example, the screens related to regular audits can be entered at each stage for the establishment of a letter of recommendation plan, the request for audit notification data, the implementation of the audit, the preparation of the report, the establishment of a report on improvement of the result notification, and the follow-up management.

In addition, you can enter at least one of blacklist, network information, transaction terminal information, transaction pattern information, suspicious account information, other abnormality detection, batch detection, and by industry such as bank, insurance, card, public, general enterprise, etc. It is possible to input the contents of the implementation of the plan, the request for the audit report, the execution of the audit, the preparation of the report, the establishment of the improvement notice plan, and the follow-up management. The details of the follow-up management are cumulative management, and the details of the follow-up management can be checked separately. In addition, the audit management interface means 131 may display the results of analysis of the risk monitoring information and the abnormal symptom data, the evidence documented in the field of business, the auditor's final processing result, and the like.

The risk operation means 140 manages the progress for each work scenario by using the risk monitoring information, and executes at least one of progress, stop, vocation, and alarm according to the monitoring information. The risk operation means 140 proceeds with the system as shown in FIG. 3 when at least one of blacklist, network information, transaction terminal information, transaction pattern information, suspicious account information, other abnormality detection, and batch detection is derived as risk monitoring information. Run at least one of Stop, Call, Alarm. In other words, the treatment method can be classified into suspicious transaction, real-time transaction, suspicious transaction, etc., and countermeasures such as monitoring date or blocking transaction can be operated according to the situation. In addition, it can manage the operation of each work scenario.

The risk information update means 150 analyzes the audit results of the risk operation means 140 and the risk diagnosis management means 130 and the work risk information collected from the outside to predict the blank security technology and present information that needs to be supplemented and upgraded. By doing so, the business risk management system 10 can be made to reflect the latest technology without the risk gap area.

3 illustrates an embodiment of an operation of a business risk management system according to an embodiment of the present invention.

Referring to FIG. 3, the server 100 notifies the auditor terminal 200 of information received from the operator terminal 200. The server 100 allows the practitioner terminal 200 to access and receives a newly generated risk information for each business scenario and evaluation or registration request for the risk item for each business scenario. Here, the evaluation information of the risk item may be a risk level, a type of risk, and an abnormal symptom occurrence standard. Thereafter, the server 100 may notify the auditor's terminal 200 of the risk item correction or registration request, and the server 100 may receive whether the auditor's terminal 200 is in progress regarding the task. Here, whether or not the work is progressed, for example, if the conditions for each work scenario is not satisfied or there is a potential item found to be violated, the work may be stopped and waited. It is intended to prevent the automatic progression to the next step if the preceding work is not completed or there is a violation.

3 illustrates a method of operating a risk management system for each work scenario, the risk management for each work scenario may be simultaneously performed multiple times, and confirmed by using the auditor terminal 200 collectively. And supervision.

4 illustrates one embodiment of a business risk management system operation in accordance with one embodiment of the present invention.

Referring to FIG. 4A, a screen of a user terminal in which a dedicated program for providing a business risk management service through a network is installed. Figure 4 (a) shows an embodiment of the auditor user terminal, referring to Figure 4 (a), ① is a part for inputting a condition for searching a scenario, ② is a scenario sequence number button, This button displays a screen for specifying the order of detection scenarios. ③ is a button for searching for detection scenarios based on the conditions entered in ①, ④ is a button showing a screen for registering a detection scenario by combining detection patterns, and ⑤ is a button for deleting a registered scenario. ⑥ is a preview of the source. The button shows the screen to check the source before creating the daemon corresponding to the created scenario as a file. ⑦ creates a compile by generating the daemon source file. ⑧ is to apply the change, and the detection scenario daemon created in ⑦ is applied, and the changed scenario is actually applied only after saving and creating the source with ⑦ and applying the change to ⑧. ⑨ adds or excludes detection pattern for each scenario and designates A pattern order and saves it. However, this is merely an example, and may be changed to various configurations according to the embodiment.

Referring to FIG. 4 (b), it illustrates a state in which a business risk service set by a user is provided as charts and graphed information in real time through a dedicated program installed in a user terminal by a server. When a particular report is selected by user selection, related data can be charted and graphed and provided to the user. As shown in FIG. 4 (b), for example, if the interface management is clicked, the number of transactions per second, the transaction status by channel, the total data collection, the detection status by scenario, the detection type, the detection status by time zone, and the system performance The table can be provided in a table or graph for easy visual recognition. In addition, such a table or graphed data may reflect and analyze real-time data to enable rapid list information delivery to a user.

In one embodiment, the server 100 performing the function described above, the user analyzes the blank area of the system to inform the user, and collects external information to analyze and provide the latest technology than the current system to the user The risk information update means 150 may be provided to provide the same to the system and to be applicable to the system according to the embodiment.

The risk information updating means 150 may include an information collection module 151, a data registration support module 152, a clustering module 153, a feasibility evaluation module 154, and an association analysis module 155.

The information collection module 151 collects the audit result of the risk diagnosis management means and technology and trend information on the work security technology development of other companies through keyword search. In other words, this study analyzes the trends in the development of business security technologies by companies, and identifies the growth stages of the security market. Keyword search can be used to collect and store published documents or online materials.

 The data registration support module 152 scans and photographs any one of books, documents, photos, drawings, and various images collected by the information collection module, transforms the data into digital data, and then extracts text data from the digital data. Save the extracted text data. For example, in the case of a document composed of text, the text is recognized as it is, and in the case of an image or a drawing, the text that can be extracted from the image or the drawing can be derived and transformed into digital data using machine learning technology.

The clustering module 153 clusters the textified digital data using at least one of a text mining technique, a principal component analysis, a silhouette width analysis, and a K-medoids algorithm analysis, and then analyzes and predicts a work security technology that is injured or blank. do. For example, a text-matrix technique can be used to extract text from data collected through text mining techniques for preprocessing of digital data, and the structural analysis can be easily performed through principal component analysis. In addition, the silhouette width can be compared to determine the optimal number of clusters and the patent documents can be clustered using the K-medoids algorithm. In addition, duplicate keywords may be extracted for each cluster, and description technology for each cluster may be defined based on the duplicate keywords. Based on cluster definitions and technology trends, major emerging and void technologies can be predicted.

The validity evaluation module 154 divides the clustered digital data into learning data and evaluation data based on a generation time to secure validity of the analysis and prediction result of the clustering module 153, and then clusters the data using the evaluation data. Validate digital data. For example, in the quantitative analysis of clustered digital data, the data can be analyzed based on the data creation date, and the evaluation data can be set as data created in the last three years, and the learning data can be set to data more than three years old. The evaluation data set by the user can be used to perform performance evaluation for each work security technology cluster and to secure the validity of the prediction result.

 The correlation analysis module 155 may include the risk item for each scenario, the standard data, the audit result of the risk diagnosis management means, and the abnormal symptom data, using the association rule mining technique among the results obtained through the validity evaluation module 154. Analyzing the association with at least one of the provided and provides the digital data of the association above the numerical value set by the user. For example, high-frequency descriptions and keywords related to business security can be compared and analyzed with keywords and clustered digital data to analyze their association with the system. In order to analyze the technical association rules for business security, it is possible to build a transaction data set by extracting only two or more text data from documents, and to identify technical associations by support, reliability, and improvement for high relative texts. . In the association rule analysis, the degree of association represents the ratio of the number of developments of both technologies A and B to the two transactions A and B. The higher the support, the more likely that technologies A and B are developed at the same time. In the association rule analysis, reliability represents the probability of developing technology B under the condition that technology A was developed. The higher the reliability, the higher the probability that the following technology B is developed after the prior art A. In the association rule analysis, the improvement represents the reliability of two techniques A and B divided by the support of technique B. That is, the ratio of the development probability of technology B when technology A is developed to the development probability of technology B when technology A is not developed. If the improvement is greater than 1, the two techniques A and B are in a positive relationship, and if it is less than 1, there is a negative relationship. An improvement of 1 means that the two technologies A and B are independent of each other. The final association rule can be derived by applying the association rule based on the improvement level to the higher association rule derived according to the results of the support and the reliability analyzed above. Through this, the technical field and information highly related to the business risk management system 10 can be presented to the user. In addition, according to the exemplary embodiment, highly related information may be automatically included in the standard data. Through this, the business risk management system 10 can be automatically updated.

In an embodiment, the server 100 performing the function described above may include a backup file decentralization module (not shown in the drawings for convenience of description) to securely protect various kinds of information information.

The backup file decentralization module generates important information such as user information or system information to be protected from an external attack such as hacking or ransomware as a backup file, and then creates the backup file containing the same data. Create and save the secondary backup in order, but save the primary backup file and the secondary backup file in different storage locations.

However, the backup file is not limited to the first and second generations, and a plurality of three or more backup files may be generated in consideration of system performance.

In addition, the backup file decentralization module may be configured at a predetermined cycle (for example, once every 3 hours or once every 5 hours, which is basically a cycle set on the system). Changes the storage location of the primary backup file and the secondary backup file that have been saved to a preset location or a newly created location on the system.

In this case, it is preferable that the moving place of the backup file is designated as a folder or a sub folder created according to an arbitrary random variable, not a place previously set or designated by the user.

Accordingly, it is possible to prevent an attack program such as hacking or ransomware from predicting the existence of the folder in which the file to be attacked or the location of the folder is located and easily attacking the customer. The same important data can be prevented from being accidentally deleted or modified by the user.

In the present invention, the primary backup file and the secondary backup file are files containing data having the same contents, and no superiority exists between each other, and even when the file is moved, the secondary backup file is moved after the primary backup file. The file may be moved or the primary backup file may be moved after the secondary backup file is moved.

In one embodiment, if an intrusion is detected from the outside, the backup file distribution module continuously performs replication from the previously created primary backup file and the secondary backup file to generate a plurality of sub backup files of each backup file. In addition, the generated plurality of sub backup files may be separately stored in different locations generated according to random variables.

Accordingly, by dividing and storing a number of backup files sporadically generated on the system to any place, even if some backup files are lost or deleted due to an attack, necessary data using the backup files sporadically existing on the system Can be easily recovered.

Next, the backup file decentralization module permanently deletes a file determined to be a backup file currently under attack among a plurality of backup files on the system.

Accordingly, in the present invention, due to hacking or ransomware attack, etc. may not be able to perform a normal function on the system, or due to the attack may be changed to a zombie program that may expose other files on the system to risk. By deleting files on your system, you can prevent some files from attacking your entire system.

In one embodiment, if the backup file decentralization module stores the backup file in a synchronization folder linked with the cloud service, when the storage of the backup file is completed in the synchronization folder and the stored backup file is uploaded on the cloud, the synchronization is performed. You can turn off synchronization for a folder.

For example, when the cloud service for user synchronization is "Dropbox", the function of the backup file decentralization module as described above is implemented using the "selective synchronization service" provided by "Dropbox".

That is, when the backup file decentralization module creates a "backup folder" on the system as a space for storing the backup file, the cloud service also creates a newly created "backup folder" on the cloud in the same way.

Next, the backup file decentralization module will store the backup file in the folder, and thus the backup file is uploaded on the cloud.

Finally, upon completion of the upload of the corresponding backup file on the cloud, the backup file decentralization module selectively releases only the synchronization for the "backup folder" that was used for the backup file upload, and deletes the "backup folder" from the system.

In this case, instead of disabling system-wide synchronization, by disabling only the "backup folder" that was temporarily created for use in uploading backup files, stable synchronization service with cloud service is continuously performed. On the other hand, as the backup file is uploaded to the cloud and then deleted on the system, the backup file can be safely stored on the cloud while being constantly prevented from being continuously exposed to the attack invading the system.

In one embodiment, the backup file decentralization module downloads the backup file that was uploaded to the cloud service by performing the synchronization of the folder that has been deactivated again when the order of changing the storage location of the backup file that was uploaded on the cloud is changed. Thereafter, the downloaded backup file may be moved to a newly created place according to a random variable as described above.

The business risk management system 10 having the configuration as described above, the artificial intelligence used to execute the dedicated application by providing a reason as well as a result of analyzing the data according to the function of the server 100 and the user terminal 200. In order to more precisely interact with the human, it may be implemented on a development environment management system (not shown in the drawings for convenience of description).

The development environment uses a number of development systems for software development by a number of developers, and each development system can develop and directly manage software components and software under developer control. Each development system uses the Trusted Platform Module (TPM) standard technology, which allows software components to be used only in licensed development systems. The Trust Platform Module (TPM) is a kind of security device that can generate and manage security keys for data encryption.

The development environment management system may restrict a developer's authority to use a software component and perform security authentication on a development system used by the developer.

When the development environment management system receives the software component generation or modification permission request message from the development system, the development environment management system may process the software component generation or modification permission request message by checking the authority information of the development system.

Here, the software component may be configured to include at least one of source code, binary including debugging information, pure binary not including debugging information, documentation for detailed description of the code, and process equation model for understanding the code. Can be.

The right information may include at least one of a read right for reading a software component, a storage right for creating and modifying a software component, and a right adjusting authority for adjusting the right information.

When a software component is generated or modified by any one development system that satisfies the authority information, the development environment management system may control the development environment management so that it can be shared by other development systems. This is because a module built by one development system may need to be used in another development system.

The development environment management system can build a database that stores the history of creation or modification of these software components. This is because the historical information can track step-by-step how the value of a particular variable has changed, and can also determine how that particular variable has affected the value change of any other variable.

Specifically, the development environment management system includes a type of software component, whether to create / modify the software component, the date of creation / modification of the software component, the frequency of generation / modification of the software component, and the development to create / modify the software component. The history information may be generated including the authority information of the system.

The development environment management system may assign an index every time the history information is generated and store it in the history information database.

At this time, the development environment management system may build a history information database for each type of software component. That is, the development environment management system may build a history information database according to the importance of the software component, and the history information database of the software component corresponding to the most important type is used in the database update target for storage space management as described below. May be excluded.

Alternatively, the development environment management system may build a history information database for each creation / modification date of the software component. For example, the development environment management system may construct a history information database of a specific date, and exclude the corresponding history information database from a database update target.

Alternatively, the development environment management system may build a history information database for each authority information. For example, the development environment management system constructs a history information database of software components by the development system corresponding to the authority adjustment authority that can adjust the authority information regarded as the highest authority information, and excludes the history information database from the database update target. You can.

The development environment management system may update the history information database for efficient storage space management as described above.

Specifically, the development environment management system may perform update of the history information database when the index of the history information database reaches a preset index.

For example, the development environment management system may divide the entire index of the history information database into three sections in ascending order.

The development environment management system may unconditionally delete history information corresponding to a section including the lowest index among the three sections. The history information corresponding to the section may be considered to have elapsed a long time since the creation / modification date, and since the history information is unlikely to be referenced again, it may be deleted without conditions.

The development environment management system may update the history information corresponding to the middle of three sections by determining whether to delete or maintain the information according to the type of software component. That is, the development environment management system can classify the importance according to the type of software component, and keep only the history information corresponding to the type of software component having the highest importance among the history information corresponding to the middle section among the three sections, and the remaining history. The history information database can be updated by deleting all the information.

Alternatively, the development environment management system may update the history information corresponding to the middle section among the three sections by determining whether to delete or maintain the information according to the frequency of creation / modification of the software component. That is, the history information database may be updated by deleting all the history information whose generation / modification frequency is higher than the preset reference frequency among the history information corresponding to the middle section among the three sections and maintaining the remaining history information.

Alternatively, the development environment management system may update the history information corresponding to the middle section among the three sections by determining whether to delete or maintain the information according to the authority information of the development system. That is, the history information, which is the authority adjustment authority that can adjust the authority information of which the authority information is regarded as the highest authority information among the history information corresponding to the middle section of the three sections, is kept intact, and all remaining history information is deleted. The history information database can be updated.

The development environment management system may maintain the history information corresponding to the section including the highest index among the three sections. The history information corresponding to the section may be regarded as the date of creation / modification is relatively recent, and thus the history information may be maintained as it is highly likely to be referred to again.

Some of the configurations of the business risk management system 10 having the configuration as described above may be implemented by artificial intelligence, and may further include a decision reason presentation module (not shown in the drawings for convenience of description).

The decision reason presentation module not only categorizes and predicts the data given or input by the user, but also analyzes the causality of the decision to find the appropriate basis for the reason why the result is presented by AI. The reason can be explained at the user level. The decision reasoning module enables reliable decision making between the user and AI, so that feedback from the user can be appropriately reflected in case of problems or errors. In addition, by providing a decision reason module, it is possible to solve the distrust that a user may have in artificial intelligence because the reason for the result of the artificial intelligence cannot be clearly explained. In this way, the overfitting problem that the optimal solution in the region can be selected, rather than the overall solution, can be prevented.

In one embodiment, the decision reason presentation module may further include a model building module and a reason explanation interface module. The model building module may be implemented as an in-depth explanatory learning module, an interpretable model generation module, and a model induction module.

The deep description learning module is a modified deep learning technique that allows the deep neural network to learn descriptive features. You can train nodes in the hidden layer to represent meaningful attributes, for example, if you are learning a model that distinguishes the image of the arms and legs, then each hidden node is a fingernail or toenail, a finger or toe, a palm or sole. By learning to show the location, etc., when the model determines that an image is a hand, the active hidden node can provide the basis for the decision. The basis of this determination may be expressed verbally through a natural language generation model such as RNN (Recurrent Neural Network). RNN is a model of deep learning, which is a kind of artificial neural network, for learning data that changes with time, such as time series data, and using input control vector, forgetting vector, and output control vector to input and output data. Get In the input control vector, the input signal receives the value after passing through the connection layer with the activation function, and the forgetting vector reflects a part of the past input to the current input. The output adjustment vector takes in the values using the activation function taking into account the past values and the modified input values. The final result is then returned to input. The circulatory neural network is mainly used for classifying document emotions or recognizing handwritten text, and can also be mainly used for speech recognition, time series prediction, or waveform generation. This is because the input data can be processed in a proper order even if the input data has a fixed shape without an order.

Also, in an embodiment, the in-depth learning module may visually display a part based on the image. For example, if the AI system classifies a cat image, the existing system derives only the cat whether the input image is a cat, but the in-depth learning module derives whether the cat is a cat and uses the basis (hair, beard, etc.) of the image. Can be provided to

The interpretable model generation module can construct structured data into an interpretable causal model. According to an embodiment of the present disclosure, an interpretable model generation module may be constructed using Bayesian program learning (BPL), and BPL is a method of learning to express a combination of small pieces, for example, learning a model that generates letters. When you do this, divide the letters into strokes to create the most reasonable combination of strokes. BPL can mimic a human being without a large amount of data, and it is an evolution of the Neural Network that can change the probability value based on a new event given. In other words, the BPL not only changes the weights of the virtual variables, but also includes creating another virtual variable in the middle. Given a new environment, understanding the phenomena in a different way, for example, toss a coin 100 times and face the front 60 times and the back 40 times to get a 60% chance of coming out, then the next time the back comes out. The probability of heading out is reduced to 59.4%.

In addition, in one embodiment, the interpretable model generation module may be implemented through a probabilistic approach. The probabilistic approach can be a learning effect with just a few samples, for example showing a long chair and a short chair to learn that there are also middle chairs. In other words, it is a technique of learning by filling out the insufficient data by itself. According to an embodiment, the probabilistic approach may include a function of correcting probabilities and programs by mathematical calculations.

Also, in one embodiment, the interpretable model generation module may be implemented using And-Or-Graph. And-Or-Graph is a graph showing the condition and conclusion of rule and AND / OR relationship in the form of graph. And-Or-Graph is structured intermediate and final data derived from artificial intelligence to logically determine the model decision process. There is an advantage that is easy to explain. That is, the graph is represented by an AND node and an OR node. Both AND nodes must be processed and only one OR node can be finished. By using the AND / OR graph, you can see a set of rules interspersed with each other as a structure and easily grasp the logical relationship between each sentence.

The model induction module can infer any black box model into a descriptive model. In one embodiment, the model induction module can be implemented with local interpretable model-agnostic explanations (LIME), which make the arbitrary black box model locally descriptive through sparse linear coupling around already descriptive data. Can be. For example, if a black box model that categorizes an image determines that an image is a heart, it is a description of the other model's heart that can already be described, that is, what part of the image is determined by comparing the pixels representing the heart with a given image. Can present

In addition, in one embodiment, the model induction module may be implemented as Bayesian rule lists (BRLs) that express the model as a series of if-then conditional statements. BRL breaks down high-dimensional, multivariate feature spaces into simple, already interpretable conditional statements to help understand complex models.

The above-described in-depth learning module, an interpretable model generation module, and a model induction module may operate independently of each other or in combination with each other, and their implementation order may also vary according to embodiments.

Next, the reason explanation interface module may express the description of the AI decision in a manner that can be understood by the user. Reason description The interface module may include necessary descriptions such as repeated descriptions, all necessary descriptions, no unnecessary descriptions, and appropriate amounts. That is, the user can easily provide the user with the language, tables, images, graphs, formulas, and the like, which process and the reason that the artificial intelligence has obtained the final result, and what factors or data influenced each step. .

Also, the reason explanation interface module may receive a correction command of the user. To this end, the reason description interface module may include correctability as essential items such that the description is flexible, respects the user's feedback, and observes the gradual change. The user can evaluate and develop the effect of the reason explanation interface module by receiving feedback about the clarity and utilization of the explanation.

In another embodiment, the decision reason presentation module may be formed of a causal model. The causal model may be formed to combine deep learning and Markov random fields. First, the probability distribution of the deep Markov random field model is modeled from the training data, and the structure of the Markov random field representing conditional independence between the random variables is studied. By inferring the latent function of the structured Markov random field into a deep neural network, it is possible to alleviate the problem of exponentially increasing the number of parameters required for the latent function as the number of input variables increases. Can learn associations According to an exemplary embodiment, the class classification problem may be learned like an auxiliary task, an attribute, and a super category, and then linearly combined at the output stage to enable an effective expression. It can also include interactive learning algorithms that allow a person to confirm that the causal relationship has been learned correctly and to provide feedback and make corrections.

In another embodiment, the decision reason presentation module may be implemented as an analysis module. As a technique for regressing a time series function into a multivariate Gaussian based on various kernels, we can learn the optimal kernel combinations representing the kernels in Gaussian processes and explain the given time series data based on the kernel combinations found above. Furthermore, a combination of a kernel that is expressed in common even when there is a plurality of time series data and a kernel that expresses characteristics of each time series data may be learned to describe characteristics common to a plurality of time series data. By writing the kernel combinations found through the time series data analysis model in natural language, the user can explain the process of deriving the decision made by artificial intelligence and the reason for it in natural language.

Through the module of presenting the decision reason, it is possible to visualize and textify the AI decision-making process from the user's point of view, to explain the components involved in the decision-making process, and to analyze the causes of the correlation between complex models. Can be explained by dividing into elements and result elements. In particular, it is written in the form of automatic reports that can be easily understood by the user, so that the artificial intelligence can interact with humans more precisely by providing the reason as well as the result of analyzing the data.

The term '~' used in the above embodiments refers to software or a hardware component such as a field programmable gate array (FPGA) or an ASIC, and '~' serves a part. However, '~' is not meant to be limited to software or hardware. '~ Portion' may be configured to be in an addressable storage medium or may be configured to play one or more processors. Thus, as an example, '~' means components such as software components, object-oriented software components, class components, and task components, and processes, functions, properties, procedures, and the like. Subroutines, segments of program patent code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables.

The functionality provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or separated from additional components and 'parts'.

In addition, the components and '~' may be implemented to play one or more CPUs in the device or secure multimedia card.

The server 100 according to the embodiment described with reference to FIG. 1 may also be implemented in the form of a computer-readable medium for storing instructions and data executable by a computer. In this case, the command and data may be stored in the form of program code, and when executed by the processor, a predetermined program module may be generated to perform a predetermined operation. In addition, computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer readable medium may be a computer recording medium, which is volatile and non-implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. It can include both volatile, removable and non-removable media. For example, the computer recording medium may be a magnetic storage medium such as HDD and SSD, an optical recording medium such as CD, DVD and Blu-ray Disc, or a memory included in a server accessible through a network.

1 according to the embodiment described with reference to FIG. 1, etc., may be implemented as a computer program (or computer program product) containing instructions executable by a computer. The computer program includes programmable machine instructions processed by the processor and may be implemented in a high-level programming language, an object-oriented programming language, an assembly language, or a machine language. . The computer program may also be recorded on tangible computer readable media (eg, memory, hard disks, magnetic / optical media or solid-state drives, etc.).

The server 100 according to the embodiment described with reference to FIG. 1 may be implemented by executing a computer program as described above by a computing device. The computing device may include at least a portion of a processor, a memory, a storage device, a high speed interface connected to the memory and a high speed expansion port, and a low speed interface connected to the low speed bus and the storage device. Each of these components are connected to each other using a variety of buses and may be mounted on a common motherboard or otherwise mounted in a suitable manner.

Here, the processor may process instructions within the computing device, such as to display graphical information for providing a graphical user interface (GUI) on an external input, output device, such as a display connected to a high speed interface. Instructions stored in memory or storage. In other embodiments, multiple processors and / or multiple buses may be used with appropriately multiple memories and memory types. The processor may also be implemented as a chipset consisting of chips comprising a plurality of independent analog and / or digital processors.

The memory also stores information within the computing device. In one example, the memory may consist of a volatile memory unit or a collection thereof. As another example, the memory may consist of a nonvolatile memory unit or a collection thereof. The memory may also be other forms of computer readable media, such as, for example, magnetic or optical disks.

In addition, the storage device can provide a large amount of storage space to the computing device. The storage device may be a computer readable medium or a configuration including such a medium, and may include, for example, devices or other configurations within a storage area network (SAN), and may include a floppy disk device, a hard disk device, an optical disk device, Or a tape device, flash memory, or similar other semiconductor memory device or device array.

The server 100 performing the functions as described above includes an administrator management module (not shown in the drawings for convenience of description) for assisting an administrator to efficiently operate an administrator for maintaining and maintaining a device such as a server. can do.

In one embodiment, the manager management module may generate a list of managers listed according to the order in which they are input.

That is, the manager management module selects a manager that is first input as a priority manager according to the order in which the module is registered, regardless of the manager's management ability, and selects a manager who is next to the highest manager as the next manager. The manager input next to the next manager is recognized as the third manager.

In an embodiment, when an event of maintenance / repair of a device occurs, the manager management module may select a manager to resolve the event from among the managers included in the previously created manager list and request a solution.

To this end, the manager management module should register manager information (for example, a phone number, a home address, etc.) of registered managers for each manager.

If the administrator selected by the administrator management module resolves the event, the administrator will be given points according to the resolution of the event. If the administrator fails to resolve the event, other administrators who resolved the event will be added to the previously created administrator list. You will be asked to select from among the included administrators.

The manager may be selected at random according to the manager management module as described above. However, the manager may be randomly selected without a separate rank. However, as shown below, the manager may be ranked in order to more efficiently respond to event resolution.

The priority level selection of manager selection according to the manager management module is as follows.

First, the highest level among the managers included in the manager list (in this case, the highest level of the manager list that is initially created is not selected according to the superiority of the manager's management ability as described above, but simply according to the rank added to the manager list). Will be requested to resolve the event.

At this time, if the first selected administrator cannot resolve the event or if the event is not resolved, the same resolution request is sent to the manager listed in the next order, and the process proceeds until the event is resolved. .

When a specific manager resolves the event, the manager selection process is interrupted and the manager is given points based on event resolution.

When the point assignment is completed, the manager management module updates the minimum generated manager list. In this case, the given point is considered according to the event resolution when determining the rank between the managers.

As a result, even the managers who were placed in the lower rank may be increased to the rank due to the points awarded according to the resolution of a specific event. Event resolution will push the manager down.

The server 100 performing the above function evaluates the competency of the manager using points given to the managers included in the list generated by the manager management module, and resolves the event of the device in which the event is generated. An administrator evaluation module (not shown in the drawings for convenience of description) may be further included to select a manager who is more suitable to the.

In an embodiment, the manager evaluation module may add points of preset scores to the manager who resolved the event according to the number of times the event has been participated in the event resolution.

For example, if an administrator named A participates in a repair event that occurred on a specific device and performs the event, he or she will receive 10 points, and then participates in a repair event that occurred on another device to perform the event. In this case, according to this case, if 10 points are given, A's rank is determined through a total of 20 points.

However, at this time, points given according to event resolution are not equally calculated for all events, and mobilization may be calculated differently for each event according to the degree of labor required according to expertise or event resolution required for event resolution.

For example, an event that does not require special labor or expertise, such as simply patrolling a device, calculates one point, a relatively low score for resolving the event. If it is not possible to expect a solution, and high-skilled personnel need input, it is possible to calculate the height of points given according to the difficulty of maintenance, such as giving a relatively high score of 10 points.

In this case, when the same event as that of the existing device is generated for another device of the same type, the event management request is first transmitted to the manager who resolved the event of the existing device by the above-described manager management module. If the solution is resolved, the manager evaluation module will assign points accordingly.

According to an embodiment, the above-described manager management module may separately generate a manager list for each device so as to select an administrator having more expertise in the corresponding device for each device.

When a new device is introduced into the system, the server 100 performing the function as described above updates the manager list previously generated by the manager management module as described above to efficiently perform the new device. It may further include a list update module (not shown in the drawings for convenience of description).

In one embodiment, the list updating module reads the presence or absence of the newly introduced device, maintains the previously created list if there is no newly introduced device, and displays the previously created list if the newly introduced device exists. The following procedure is performed to perform the update.

First, the list update module reads the presence or absence of an administrator with prior knowledge related to the newly introduced device.

At this time, the determination of the presence or absence of prior knowledge can be confirmed by reading the manager information stored by the manager management module.

If there is an administrator who has prior knowledge related to the newly introduced device in the previously created list, the device in the previously created list can be sent to the administrator to send an event resolution request with the highest priority when an event occurs in the corresponding device. The managers who have expertise in know-how will be updated to the highest priority list to update the list to be created.

If there is no administrator who has prior knowledge related to the newly introduced device in the previously created list, the device having the highest similarity with the corresponding device is read and the prior knowledge related to the device having the highest similarity is read. If there is a manager who has a manager, the manager who has the know-how on the device with the highest similarity in the list created in advance will be given the highest priority so that the manager can send the event resolution request first when an event occurs on the newly introduced equipment. By increasing the rank, the list to be created is updated.

Therefore, although not having expertise in each of the newly-introduced devices, the manager who specializes in the device with the highest similarity to the newly-introduced device is required to perform maintenance, so that the new manager can be maintained to maintain and maintain the new equipment. This can save you the trouble of sorting and scouting.

The above-described embodiments are for illustrative purposes, and those of ordinary skill in the art to which the above-described embodiments belong may easily change to other specific forms without changing the technical spirit or essential features of the above-described embodiments. I can understand. Therefore, it is to be understood that the above-described embodiments are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and similarly, components described as distributed may be implemented in a combined form.

The scope to be protected by the present specification is represented by the following claims rather than the above description, and should be construed to include all changes or modifications derived from the meaning and scope of the claims and their equivalents. .

10: business risk management system
100: server
110: risk autonomy
120: risk monitoring measures
130: risk diagnosis management
140: risk management
150: risk information update means
160: system driving means
200: terminal
300: network

Claims (2)

A user terminal in which a dedicated program for providing a business risk management service through a network is installed; And
Including a server for providing a business risk service in real time chart and graphed information to the user through a dedicated program installed in the user terminal,
The server may include: risk autonomous control means for managing a risk item for each business scenario inputted from the user terminal; Risk monitoring means for managing risk monitoring information on risk items for each work scenario by using the risk items for each work scenario and standard data pre-built in the server; Risk diagnosis management means for managing the audit results of the risk items for each business scenario by using the risk monitoring information and processing them into charted and graphed information; Risk management means for managing the progress for each business scenario using the risk monitoring information, and executing at least one of progress, stop, vocation, and alarm according to the risk monitoring information; And risk information update means for analyzing the audit result of the risk diagnosis management means and the work risk information collected from the outside to predict the blank security technology and presenting information that needs to be supplemented and upgraded.
The server includes a first database for storing the standard data; A second database for storing information on risk items for each business scenario; A third database for storing an analysis result of the risk monitoring information input from the user; And a fourth database for storing the audit result and the follow-up management information of the risk item for each work scenario inputted from the user.
The risk diagnosis management means may determine an abnormal symptom based on the risk monitoring information, perform a detailed analysis, request the evidence data of the abnormal symptom from a user of the user terminal user, Notifying the detection of the abnormal symptoms and receiving the calling data, and conducting at least one audit association scenario-specific item according to the user's judgment data on the calling data for the abnormal symptoms input by the user terminal user,
The risk autonomous control means is an interface for inputting a risk item for each work scenario as an information change request module for providing a menu for requesting new registration and information change for the risk item for each work scenario to the user terminal. A risk autonomous control interface unit provided to the user terminal; And a business process management means for managing the risk items for each work scenario inputted from the user terminal through the risk autonomous control interface unit,
The risk monitoring means, the monitoring interface unit for providing a menu for selecting a risk item for each work scenario for risk monitoring to the user terminal; A standard data acquisition unit for obtaining standard data corresponding to the risk item for each work scenario selected from the user terminal through the monitoring interface unit from the server; An abnormal symptom data generation unit for comparing the selected risk item for each business scenario with the standard data and generating abnormal symptom data according to a predetermined abnormal symptom occurrence criteria for the selected risk item for each business scenario; A risk grade generation unit for assigning a risk level to at least one of a detection frequency, a detection time, and a detection frequency of the abnormal symptom data; And a risk analysis unit which obtains information on detailed items for each business scenario from the server and generates charted and graphed information on the selected risk items for each business scenario.
The risk diagnosis management means includes: an audit management interface unit providing an interface for inputting an analysis result of the risk monitoring information to the user terminal; And it provides an interface for inputting the thanksgiving discrimination audit results, and includes a post-management interface for accumulating and managing the input information,
The risk information updating means may include: an information collecting module that collects the audit result of the risk diagnosis management means and technology and trend information on the work security technology development of other companies through keyword search; After scanning and photographing information of any one of books, documents, photographs, drawings, and various images collected by the information collecting module, transforming the information into digital data, and extracting text data from the digital data, the photographs, drawings, and images A data registration support module for extracting text data by extracting text that can be extracted from photographs, drawings and images using machine learning technology, and storing the extracted text data; A clustering module for clustering the textified digital data using at least one of a text mining technique, a principal component analysis, a silhouette width analysis, and a K-medoids algorithm analysis, and then analyzing and predicting a work security technology in an injured or empty state; In order to secure the validity of the analysis and prediction result of the clustering module, the clustered digital data is divided into learning data and evaluation data based on the generation time, and then validity of the clustered digital data is evaluated using the evaluation data. Evaluation module; The correlation between the risk item for each scenario, the standard data, the audit result of the risk diagnosis management means, and the abnormal symptom data among the results derived through the feasibility assessment module is analyzed and the user is analyzed. An association analysis module for providing the digital data having associations equal to or greater than a numerical value set by the user; And using artificial intelligence to analyze the causal relationship to the results provided by the correlation analysis module, including a decision reason presentation module for explaining the reason why such results,
The decision reason presentation module further includes a model building module and a reason explanation interface module, wherein the model building module is implemented including any one of an in-depth explanatory learning module, an interpretable model generation module, and a model induction module. The description interface module provides the user with a description, including at least one of language, tables, images, graphs, and formulas, indicating what process and reason the AI produced the final result and what factors or data affected each step. Provide feedback on the clarity and utilization to the user with respect to the description provided above,
The server includes a backup file decentralization module for securely protecting various kinds of information, and the backup file decentralization module converts information including user information or system information into a backup file from an external attack including hacking or ransomware. After the creation, the generated backup file is generated and stored in order of the first backup file and the second backup including the same data, and stored at different storage locations of the first backup file and the second backup file, and the preset Periodically, the storage location of the primary backup file and the secondary backup file is changed to a predetermined place on the system or a place designated as a folder or sub folder created according to a random variable,
When an intrusion is detected from the outside, the backup file decentralization module continuously replicates the primary backup file and the secondary backup file to generate a plurality of sub backup files, and generates the plurality of sub backup files. Individually stored in different places generated according to the random variable,
When the backup file decentralization module stores the backup file in a synchronization folder linked with a cloud service, when the storage of the backup file is completed in the synchronization folder and the stored backup file is uploaded to the cloud, the backup file is distributed to the synchronization folder. A business risk management system that deactivates synchronization.
delete

Images