A Study on Optimal Developmental Cost for Quality Factors of Integrated Information Security Systems

A Study on Finding the Minimum Development Cost for Securing Optimal Quality of Integrated Information Security Systems

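  • Park, You-Jin (Department of Business Administration, College of Social Sciences, Chung-Ang University)
  • Choi, Myeong-Gil (Department of Business Administration, College of Social Sciences, Chung-Ang University)
  • 박유진 (Department of Business Administration, School of Business and Economics, Chung-Ang University)
  • 최명길 (Department of Business Administration, School of Business and Economics, Chung-Ang University)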
  • Received : 2008.12.03
  • Accepted : 2010.07.29
  • Published : 2010.09.30

Abstract

To protect information resources, many organizations, including private corporations and government bodies, employ integrated information security systems that provide intrusion detection, firewall, and antivirus functions. To develop a reliable integrated information security system, the managers in charge of development must distribute development resources effectively across the system's quality factors throughout the development life cycle. This study suggests a distribution methodology that minimizes the total cost while satisfying the minimum quality level of an integrated information security system by appropriately assigning development resources to the quality factors considered. To achieve this goal, we identify the quality factors of an integrated information system and then measure the relative weights among the quality factors using the analytic hierarchy process (AHP). The suggested distribution methodology makes it possible to search for an optimal solution that minimizes the total cost while satisfying the required quality levels of processes by assigning development resources to quality factors during the development life cycle.
