As the organizations become more dependent on information system (IS), IS security becomes more important. Nonetheless, the risk management methodology or tool for Korea is absent although the risk management is basic process for IS security. This thesis attempts to develop the conceptual framework of the Korea-specific risk management system. Although this system framework remains in conceptual level, it can be the guideline to future development of risk management system in Korea.
For the theoretical background of the system framework, the contingency model for threat identification is presented and validated. This model suggests the relation of the organizational context variables to the importance of threats.
In order to test the possibility of applying CBR technique to risk management system, CBR experiment is performed. The hit ratio of CBR experiment is about 60%. This result shows that CBR technique can be applied to risk management area.
The risk management system framework is developed on the basis of the contingency model and CBR experiment. This system framework follows the traditional risk management process. Nevertheless, each stage of the system uses various techniques: CBR, rule-based system and checklist method.