Financial AI Security (PART 2. Security Review)

- Policy revision for establishing cloud management systems (CSP/MSP contracts and SaaS contracts) - Vulnerability assessment for ISMS-P/ISO27001 certification or major information communication/electronic financial infrastructure response in cloud environments (public/private asset identification and vulnerability remediation) - Security operations and incident response in cloud environments - ISO27017&ISO27018 certification response

- Understanding the establishment and inspection of personal information management systems in accordance with the Personal Information Protection Act - Inspection and status assessment of personal information processing systems - Creation of personal information flow charts and flow diagrams - Identification of personal information breach factors - Publication of personal information impact assessment summaries

Training on inspection know-how for privacy officers, business department managers, and trustees subject to consulting Providing improvement plans for negligent trustee management and supervision, and detailed explanations of inspection methods

Finally, I feel that the AI security review (NIS/FSI) checklists, which have been vaguely positioned over the past 7–8 years, are now accurate from a practitioner's perspective, and I have established a clear framework for how to change, establish, and operate the management system. I will explain what AI security is and how it should be improved after June 2026, based on the standards of South Korea's top-tier companies (those with the highest level of information security). (This is not a basic or conceptual explanation*) I have developed this training divided into PART 1 (Basics & Overview) and PART 2 (Advanced & Security Review), so please refer to it.

This training was created to first help privacy officers recognize and understand the requirements for establishing a proactive protection system, as previously announced through the June 2026 Personal Information Protection Act and the Personal Information Protection Commission's (PIPC) compliance inspections. It aims to help companies review their current status, identify areas for improvement, and establish future action plans. Based on over 8 years of experience in providing advisory and consulting services for personal credit information protection, this course is designed to support strategy formulation and the preparation of reporting documents for executive management.

The shortage of PMs in security consulting firms is a persistent issue. Consequently, there are many cases where individuals in their 40s and 50s from completely different fields have been entering the industry to handle PM duties and client communications. Since these PMs in their 40s and 50s lack experience in technical areas, consulting, and security, they find the work very challenging. They often join with the mindset of learning through handovers from other PMs. I have also been providing training and handovers to these PMs based on the following content, and the satisfaction levels have been high.

Achieved the highest rating for all clients over 6 years of performing Personal Information Protection Level Evaluation consulting for public institutions (covering various types from central administrative agencies to public enterprises, small-scale public institutions, and local governments), maintained the highest rating for all (continuous consulting experience with the same institutions), and holds a track record of achieving a perfect score of 100 (ranked 1st nationwide). Based on the 2026 manual, it is possible to effectively allocate the necessary tasks and performance records for writing quantitative/qualitative reports considering the strengthened penalties and changed indicators following the Coupang incident. Depending on the company's situation, it is fully possible to be designated as a best practice through either over-investment or strategic passive response.

Insufficient capability to audit new technologies (cloud management systems) due to a lack of theory and knowledge among management system inspection personnel. Training to strengthen the expertise of personnel who proactively prevent incidents by identifying management system deficiencies to protect companies from hacking. Training for existing infrastructure and penetration testing personnel to transition into management system roles. Securing definitive capabilities and materials through the provision of back data!

In cases where there is a lack of experience with electronic financial infrastructure due to only having experience in critical information and communications infrastructure, or where there is a lack of overall understanding of infrastructure projects due to insufficient experience as an Infrastructure PL or PM despite having experience with servers, DBs, networks, and security equipment, it is necessary to secure assessment capabilities for network infrastructure check items and provide assessment back-data.

As PaaS (previously categorized as WEB/WAS) in public and private cloud environments is integrated into in-house PaaS operations, this training is designed for Infrastructure Project Leaders (PLs) overseeing approximately 10 infrastructure inspection personnel, as well as vulnerability assessment specialists. The curriculum covers certification requirements such as ISMS-P, including cloud asset identification, asset classification, importance rating, and risk assessment reflection. It also addresses the 2026 Financial Company Security Standards (for Electronic Financial Infrastructure Vulnerability Analysis and Evaluation), which include the establishment and strengthening of container inspection and private cloud management system inspection items, as well as the addition and modification of virtualization and cloud items within Critical Information and Communication Infrastructure.

Lack of back data for private cloud inspections!! A severe shortage of experienced personnel for IaaS inspections!! Improve practical skills by providing back data and utilize it for various certifications such as Major Information and Communication Infrastructure, Financial Security Institute (FSI) assessments, ISMS-P, ISO27001, etc. Professional training for Infrastructure Project Leaders (PLs) who manage around 10 infrastructure inspection personnel. Providing inspection data and understanding of the technical areas within the cloud management framework!

Providing insights and materials for overall management of penetration testers (WEB, Mobile, HTS) targeted at Project Leaders who oversee financial company mock hacking/penetration testing. Situations have occurred where "blank" reports are repeatedly submitted when no vulnerabilities are found in each part (the same applies to the public sector). Therefore, controls are implemented to ensure that inspection results for each item are produced in the same format as educational materials. Perform inspections tailored to each theme and utilize them for security reviews and internal security deliberations to verify results.

Conducting Windows server competency training to break the trend of new and career-transitioning security consultants focusing solely on Linux servers. Understanding the Windows OS and its relationship with servers and programs installed on the OS, such as PC, WEB, WAS, and DBMS. Understanding vulnerabilities and continuing vulnerability assessment and improvement activities.

Education on the most basic Linux server inspection methods and items due to the continuous assignment of new security consultants for vulnerability assessment and the continuous placement of experienced professionals from other fields into management roles. Risk assessment for risk evaluation (remediation planning) and implementation review. Understanding and application of third-party security solutions. Establishment of the ISMS-P management system through appropriate analysis of technical and administrative domains.

Classification of inspection items and establishment of an inspection plan (strategy) during network inspection Establishment of inspection criteria considering the risk and difficulty of actions Inspection of network service items and strategies for utilizing server access control solutions Command-based inspection after remote network access and preparation of risk assessment reports Interviews with network personnel and application of manual inspection items

A lecture for security consultants who have experience only in Linux, DB, WEB, networks, and security equipment, but lack experience with PCs. Securing response capabilities for cases where PC inspections are replaced by security solutions or conducted via scripts. Categorizing inspection items to prepare inspection strategies and establish response strategies based on inspection experience. One of the business improvements (KPIs) to shorten inspection time and increase accuracy.

Security equipment cannot be inspected using scripts or solutions like databases. Experienced personnel must be assigned. Difficulty in recruiting, including experienced individuals, diligent diagnosticians, or freelancers. Numerous defects found during ISMS-P certification of security equipment; skill levels vary significantly depending on the inspector. Sharing inspection methods and management strategies (methodologies, etc.) for security equipment with those who need them.

Database vulnerability assessment training for the protection of critical information and communication infrastructure in the public sector. Demand for vulnerability assessments arises as a legal requirement. Characterized by the need to secure sufficient assessment time and budget, particularly in the public sector. Lack of specialized personnel for vulnerability assessments in the public sector. Lectures for establishing protection measures in response to revisions of critical information and communication infrastructure and annual changes.

This content is composed of insights from experienced professionals—ranging from newcomers to those with 35 years of experience—performing vulnerability analysis and evaluation for Financial Security Standards and Major Information and Communication Infrastructure. It is designed to provide valuable information for new employees or experienced professionals transitioning from other fields. Among the various types, Database was selected, and the evaluation criteria are based on the Financial Security Standards. While basic training or handovers are typically based on the previous year's standards, I believe it would be helpful to familiarize yourself with various analysis techniques as well. Since diverse strategies are required for accurate and rapid diagnosis within a limited timeframe, this may also be beneficial for PMs who plan from the perspective of methodology and approach.

Career concerns in security consulting: 5 hours of audio explanations covering career solutions from entry-level to 30-year veterans. Includes mental stability and salary negotiation strategies for new security consultants or those struggling to adapt. Includes methods for upgrading job skills and improving internal/external reputation. A lecture designed to resolve concerns for those considering a job change or career path shift.

As AI systems become agentic and expand beyond text into image, audio, and multimodal capabilities, security threats are becoming significantly more complex. This lecture analyzes the latest security threats and attack techniques faced by AI Agents and Multimodal LLMs, as well as real-world cases, from an AI Red Teaming perspective.

Genspark Ambassador's Lecture >> Genspark, the AI Super Agent that smartly handles everything from PPT, Excel, images, and videos to Vibe Coding! You’ve been waiting because there were no lectures or books that covered Genspark in depth, right?! Rated 4.8 by 100 students ⭐️⭐️⭐️⭐️⭐️ After using it for a year, I have organized all the detailed features into extensive learning materials and a 4-hour lecture. If you know how to use it, Genspark solves all your work; if you don't, it just eats up your credits. Increase your productivity by 300% through this lecture!

There may be people who have never taken my lecture, but no one has taken it only once. After teaching in person for so long, I have finally had the opportunity to create this online course. Since the commercialization of AI, I have produced and researched countless pieces of AI content. Based on that knowledge and experience, I have built a logical philosophy of my own and organized it into concepts that are easy for anyone to understand. For those who have been generating AI images without considering the underlying concepts, I will instill a proper foundation in you. Once you take this course, you will be able to create any AI image in the future. Have you never created an AI image before? That’s perfectly fine. You don't need any prior experience in AI image generation. By simply learning and practicing through this lecture, you can become an expert in AI content creation.

The start of smart work - work intelligently anywhere, mobile or PC! Go beyond the limits of content creation with the most advanced Google AI tools available today.

In the rapidly changing era of AI, IoT, metaverse, and blockchain, understanding technology alone is not sufficient. This course is an introductory guide designed to help you easily identify the security risks brought by the latest digital technologies in just 1 hour. With easy explanations that can be understood even without technical background knowledge and a composition centered on real-world cases, you can organize the security points you must know in the next-generation digital environment all at once.

As the adoption of generative AI accelerates, new security threats such as corporate confidential information leaks and prompt injections are surging. This course covers strategies for embedding security throughout the entire AI lifecycle, based on the National Intelligence Service (NIS) guidelines' 30 core security measures and 15 practical threat cases. It also addresses security issues in the latest AI trends, such as Agentic AI and Physical AI, and presents methods for establishing governance frameworks that can be immediately applied in practice.

Beyond the era of simply using AI, we are now in an era that requires people who can design AI. This course is a master roadmap that systematically organizes the entire design map of AI agents, from "Introduction → Structure → Design → Operation." Based on RAG, Tool Calling, Memory, and Multi-Agent structures, you will learn how to design and scale AI agents from an architect's perspective. If you want to grow into someone who designs AI systems rather than just someone who "uses" AI, this course will provide the direction.

AI literacy refers to the "ability for general users, not just technicians, to effectively utilize AI in their practical work and daily lives," as well as the "competency to critically evaluate AI." This is a practice-oriented literacy course designed for non-experts to understand the core knowledge for "utilizing" AI well—covering everything from prompt engineering to security understanding, expansion, automation, and the structure of language models.

As AI rapidly permeates daily life and industries, attack techniques targeting these systems are evolving alongside them. This course is a practical, hands-on program designed to help you understand the latest security threats surrounding Generative AI and LLMs, automate security tasks using AI, and experience LLM jailbreak attacks and defenses firsthand.

Create high-quality AI videos with Midjourney & Runway. Director Dong-ah Kim, who collaborated with Samsung, will personally guide you through the step-by-step process of AI video production based on a virtual brand.

LLM and Agent, the fundamental technologies behind AI like ChatGPT. LLM is currently the technology that has come closest to AGI. In this lecture, we will explore LLM and Agent technologies from a layperson's perspective.

AI is no longer a choice, but a matter of survival. Shorten development tasks that used to take 3 days down to 30 minutes; leave repetitive tasks to AI and focus on solving more important problems. Through AI-native development methods that are practical rather than theoretical, we will show you the definitive way to be recognized as an "AI-savvy developer" at your company.

The lecture explains why the harness is more important than the model through the Claude Code architecture. It covers how to design the Claude Code task system using six structures: Context Harness, Permission Harness, Verification Harness, Tool Harness, Subagent & Worktree Harness, and Debugging Harness. Afterward, it connects these concepts to CLAUDE.md, session management, large codebase control, worktree parallel operations, error log analysis, and tracking environment variables and configuration scope issues, establishing the standards for continuously using Claude Code in practical backend and DevOps workflows.

Sensational video content created with just a single line of text! A quick and easy introduction to SNS content creation starting with Kling AI

In the era of smart factories and autonomous driving, is our production line truly safe? The remarkable advancement of Artificial Intelligence (AI) has brought innovative productivity and efficiency to the automotive manufacturing industry, but it is simultaneously creating unprecedented security threats to the Operational Technology (OT) environment within factories. This lecture breaks down "OT Security"—which can often feel vague and difficult—in a clear and easy-to-understand manner through vivid, real-world examples from the automotive industry.

AI Tech DNA Series: Core Principles of Computer Basics from an AI Perspective is an introductory course designed to help you easily understand the fundamental computer concepts necessary for the AI era. By explaining basic principles such as CPU, memory, storage, networks, and data structures through real-life analogies and an AI-focused lens, it builds the solid foundational strength needed to advance into Python, AI, security, and the cloud.

The Gemini agent that works across Google Drive! Put the finishing touches on your Google AI workflow with overwhelming productivity.

This is a course on creating blog images using DALL-E 3. This course provides practical knowledge and hands-on opportunities from the basics of image generation technology to advanced usage techniques and problem-solving strategies.

How have others used ChatGPT in their daily lives? We are revealing actual conversation logs!

Generative AI for Designers🧙‍♂️ We reveal practical know-how to maximize design work efficiency with generative AI like Canva and Midjourney.