DOI QR코드

DOI QR Code

스마트워크 기반의 정보보호 감리 모형

An Audit Model for Information Protection in Smartwork

  • 한기준 (건국대학교 컴퓨터공학과) ;
  • 김동수 (건국대학교 정보통신대학원) ;
  • 김희완 (삼육대학교 컴퓨터학부)
  • Han, Ki-Joon (Dept. of Computer Science and Engineering, Kunkuk University) ;
  • Kim, Dong-Soo (Graduate School of Information and Telecomunications, Konkuk University) ;
  • Kim, Hee-Wan (Division of Computer Engineering, Shamyook University)
  • 투고 : 2013.11.22
  • 심사 : 2014.01.20
  • 발행 : 2014.01.28

초록

스마트워크 기술은 재택근무나 스마트워크센터, 모바일 단말기 등을 활용하여 시간과 공간의 제약이 없는 유연한 근무 환경을 제공한다. 업무의 효율성을 높여주는 스마트워크 시스템에는 그 편리성만큼 여러 정보보호에 대한 위협이 존재한다. 따라서, 스마트워크 구축시에는 정보보호 대책을 적절하게 마련되도록 정보보호 감리를 수행하여야 한다. 본 논문에서는 스마트워크 환경 구축을 위해 실무 기술적 차원에서 정보보호 감리모형을 제안하였다. 정보 보호를 위해 터미널, 네트워크 및 서버 영역으로 분류하고, 전문 정보보호감리 점검항목을 도출하였다. 또한, 스마트워크 정보보호 감리시점을 수립하고 점검항목과 ISMS 통제분야를 매핑함으로써 보안성과 효율성을 동시에 향상시킬 수 있도록 감리모형을 제안하였다. 제안한 정보보호 감리영역 및 점검항목들이 스마트워크 정보보호 감리의 목적에 부합되는지를 검증하기 위해서 감리사 및 IT 업계 종사자를 대상으로 설문조사를 통하여 적합성을 검증하였으며, 13개의 점검항목에서 97% 수준으로 적합하다는 결론이 도출되었다.

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

키워드

참고문헌

  1. Korea Communications Commission, introduction, operation guidebook of smartwork for enterprise, Korea Communications Commission, 2011
  2. National Information Society Agency, CIO Report 26 Smart phones and mobile office security issues and response strategies, National Information Society Agency, 2010
  3. Hae Soo Hwang, Ki Hyuk Lee, A study on the mobile security model for secure smartwork, Review of KIISC 21(3), pp.22-34, 2011
  4. Hyung Chan Lee, Jung Hyun Lee, Ki Wook Son, Smartwork security threats and countermeasures, Review of KIISC 21(3), pp.12-21, 2011
  5. Ho Sun Yun, Sung Back Hong, Hyung Yul Yum, In Jae Kim, Mobile VPN structure suitable for smartwork environments, Journal of Advanced Information Technology and Convergence(JAITC) 9(5), pp.159-166, 2011
  6. National Information Society Agency, u-Work Service Activation Support Project, National Information Society Agency, 2007
  7. Ji Yong Lee, Dong Soo Kim, Hee Wan Kim, A design of the information security auditing framework of the information system audit, Korea society of digital industry and information management 6(2), pp.233-245, 2010.
  8. Dong Soo Kim, Nam Jae Jun, Hee Wan Kim, Design of financial information security model based on enterprise information security architecture, Korea society of digital industry and information management 6(4), pp.307-317, 2010.
  9. Ho Ik Jang, Ho Hyun Han, Nam Yong Lee, Jang Hee Jo, A study on the selection model of information protection management system control items, The journal of korea information and communications society 35(8), pp. 195-204, 2010
  10. Korea Communications Commission Notice 2010-3, Notice regarding information security management system certification, Korea Communications Commission, 2010
  11. Hee Myung Lee, Jong In Lim, A study on the development of corporate information security level assessment models, Review of KIISC 18(5), pp.161-170, 2008
  12. Myeong Soo Jeong, Dong Bum Lee, Jin Kwak, An analysis of smartwork security threats and security requirements, Korea institute of information security and cryptology 21(3), pp.55-63, 2011
  13. Ministry of Security and Public Administration, Smartwork promotion plan, Ministry of Security and Public Administration, 2010
  14. National Information Society Agency, National Information white papers, National Information Society Agency, 2011
  15. FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems, NIST, 2006.
  16. FIPS PUB 200, Minimum Security Requirements for Federal Information Systems and Organizations, NIST, 2006.
  17. ISO/IEC 27000, Information technology-Security techniques - Information security management systems - Overview and Vocabulary, ISO, 2009.