정보화정책 (Informatization Policy)

한국지능정보사회진흥원 (National Information Society Agency)
권호 표지
DOI QR코드

DOI QR Code

문헌 분석을 통한 정보보안 감사 분야의 국내 및 국제 연구동향 분석

Analysis of Research Trends of the Information Security Audit Area Through Literature Review

  • 투고 : 2023.10.31
  • 심사 : 2023.11.21
  • 발행 : 2023.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

정보/정보시스템의 중요성이 높아지면서, 정보보안에 대한 중요성이 강조되고 있고, 조직에 적합한 정보보안 수준을 유지하기 위한 도구로서 정보보안 감사의 중요성 또한 높아지고 있다. 본 연구의 목적은 정보보안 감사 분야의 국내외 학술 논문들을 분석하여 전반적인 연구 현황을 살펴보고 향후 연구 분야를 제시하는 것이다. 이를 위해 총 103편의 국내외 논문을 일반 기준과 연구 주제 관련 기준을 바탕으로 분석하였다. 주요한 분석 결과로는 연구 방법적인 측면에서 이 분야의 이론적인 발전을 위해 실증 연구의 비중을 높일 필요가 있다. 연구의 내용적인 측면에서 보면, 연구주제 '감사인/감사조직'의 경우, 연구의 누적적인 발전을 위해 역량과 같은 변수들에 대한 프레임워크를 제시하는 연구가 필요하다. 연구 주제 '감사 활동/절차'에 대해서는 감사의 세부 활동 과정/결과를 분석하는 연구를 수행할 필요가 있다. 연구 주제 '감사 대상'의 경우에는 해외 연구에서 분석한 신기술/특정 산업/특정 보안분야 등을 주목해 볼 가치가 있다. 연구 주제 '감사 목적/효과'의 경우, 현재 연구마다 서로 다르게 조작화되고 있는 성과/품질을 종합적이고 체계적으로 정의하는 연구가 필요하다. 연구 주제 '감사 기준/지침'의 경우, 국내에서는 2016년 이후로 지침/모델에 대한 연구가 없으므로, 지속적인 관심이 필요하다.

With the growing importance of information/information system, information security is emphasized, and the significance of information security audit as a tool for maintaining the proper security level is increasing as well. The objectives of the study are to identify the overall research trends and to propose future research areas by analyzing domestic and overseas research in the area. To achieve the objectives, 103 research papers were analyzed based on both general and subject-related criteria. The following are the major research results : In terms of research approach, more empirical studies are needed; For subject "Auditor," studies to develop a framework for related variables (e.g., capability) are needed; For subject "Audit Activities/Procedures," future research should focus on the process/results of detailed audit activities; Future domestic research for "Audit Areas" should look for the new technology/industry/security areas covered by foreign studies; For "Audit Objective/Impact," studies to define the variables (e.g., performance and quality) systematically and comprehensively are needed; For "Audit Standard/Guidelines," research on model/guideline needs to be continued.

키워드

참고문헌

  1. Afifi, M. A. (2020). "Assessing Information Security Vulnerabilities and Threats to Implementing Security Mechanism and Security Policy Audit." Journal of Computer Science, 16(3), 321-329.  https://doi.org/10.3844/jcssp.2020.321.329
  2. Alavi, M. & Carlson, P.(1992). "A Review of MIS Research and Disciplinary Development." Journal of MIS, 8(4), 45-62. 
  3. Almadhoob, A. & Valverde, R. (2014). "Cybercrime prevention in the Kingdom of Bahrain via IT security audit plans." Journal of Theoretical and Applied Information Technology, 65(1), 274-292. 
  4. Alviana, S. (2020). "User Care Level Audit of Information Data Security at PT XYZ Using Guttman Scale." IOP Conference Series: Materials Science and Engineering, 879(1), 1-7.  https://doi.org/10.1088/1757-899X/879/1/012050
  5. Arionadi, K., Dharma, S. A. & Partha, C. G. I. (2016). "IT security audit based on CISSP PMBOK framework." International Journal of Engineering and Emerging Technology, 1(1). 
  6. Atymtayeva, L. & Kozhakhmet, K. (2015). "Development of expert system for information security audit." International Journal of Computer Research, 22(4), 399. 
  7. Au, C. & Fung, W. (2019). "Integrating knowledge management into information security: From audit to practice." International Journal of Knowledge Management(IJKM), 15(1), 37-52. 
  8. Azubike, J. (2011). "Computer information security audit: Procedures for policy design and implementation." Nigeria Journal of Education, Health and Technology Reserch(NJEHETR), 1(2), 164-168. 
  9. Barankova, I. & Mikhailova, U. & Kalugina, O. (2019). Analysis of the Problems of Industrial Enterprises Information Security Audit. Paper presented at the International Russian Automation Conference, 976-985. 
  10. Beldiman, C. (2021). "Risks' Identification and Assessment in a Public Entity Regarding the IT Security Audit." Annals of the University Dunarea de Jos of Galati: Fascicle: I, Economics & Applied Informatics, 27(1). 
  11. Bendovschi, A. & Ionescu, B. (2015). "The Gap between Cloud Computing Technology and the Audit and Information Security." Audit Financiar, 13(125). 
  12. Bhaskara, I. M. A., Suardani, L. G. P. & Wijaya, W. A. (2018). "Data and Information Security Audit Using IT Baseline Protection Manual at PT." XYZ. International Journal of Engineering and Emerging Technology, 2(2), 78-82. 
  13. Billones, M. O. M. & Ona, S. E. (2011). Formulation of an Information Security Audit Process Model Applicable to Educational Institutions. Paper presented at the International Conference on Information Theory and Applications, I29. 
  14. Candiwan, M. Y. D. & Priyadi, Y. (2016). "Analysis of Information Security Audit Using ISO 27001: 2013; ISO 27002; 2013 at IT Division-X Company, In Bandung, Indonesia." International Journal of Basic and Applied Science, 4(4), 77-88. 
  15. Capuder, L. (2004). "ISO-17799-Standard for Information Security: A Welcome Boon for Security Management and Audit." EDPACS, 31(11), 1-10.  https://doi.org/10.1201/1079/44239.31.11.20040501/81101.1
  16. Cefaratti, M. A., Lin, H. & Wallace, L. (2011). "The information security control environment: chief audit executives responding to a survey identify the most and least common controls their organizations deploy to protect IT resources." Internal Auditor, 68(2), 55-59. 
  17. Chandra, I. (2008). "The five C's of IT policy: reviewing the effectiveness of information security policies is a key part of IT audit plans." Internal Auditor, 65(6), 23-25. 
  18. Choi, J. & Nam, K. (2001) "A Study on an Audit Model for the Defense Information System security using BS7799." Journal of the Military Operations Research Society of Korea, 27(1), 89-100. 
  19. Cohen, F. (1998). "Managing Network Security: How does a typical IT audit work?" Network Security, 1998(7), 8-11.  https://doi.org/10.1016/S1353-4858(98)80006-8
  20. Dharmalingam, R. & Smalov, L. (2016). "Information Security Audit in Virtual Environment." The Research Bulletin of Jordan ACM, 2, 132-136. 
  21. Dias, B. (2021). "Big data information security audit" Earth Sciences, 19, 51-53. 
  22. Drastich, M. (2013). "Audit of information security management system." Global Journal on Technology, 3, 1051-1056.
  23. Gill, G. & Bhattacherjee, A., (2009). "Whom Are We Informing? Issues and Recommendations for MIS Research From an Informing Sciences Perspective." MIS Quarterly, 33(2), 217-235. 
  24. Goel, S., Pon, D. & Menzies, J. (2006). "Managing information security: Demystifying the audit process for security officers." Journal of Information System Security, 2(2), 25-45. 
  25. Golyash, I. & Sachenko, S. & Rippa, S. (2011). Improving the information security audit of enterprise using XML technologies. Paper presented at the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems, 2, 795-798. 
  26. Grzyb, M. & Kowalik, D. (2020). "Information security management-audit of the IT system." Information management in the era of the Internet, 83-104. 
  27. Gulzira, M., Gulmira, B., Altynbek, S. & Assel, O. (2020). The audit method of enterprise's Information security. Paper presented at the 6th International Conference on Engineering & MIS 2020, 1-5. 
  28. Gupta, A. & Shakya, S. (2015). "Information System Audit: Cloud Computing Security and Challenges." International Journal of Computer Science and Mobile Computing (IJCSMC), 4(11), 48-56. 
  29. Hamdan, M. N. M. (2017). "The Relationship between Network Security Policies and Audit Evidence Documentation: The Accounting Information Security Culture as a Mediator." International Journal of Business and Management, 12(12), 168-180.  https://doi.org/10.5539/ijbm.v12n12p168
  30. Hatsu, S., Ujapka, M. B. & Mpimwood, E. D. (2015). "An examination of the extent of implementation of the information security system and IT audit system in Ghananian Banks [J]." Journal of Mass Spectrometry, 11(11), 375-382. 
  31. Hermann, Y. K. J. & Tanguy, K. B. (2022). "Study on the Audit of IT Security in Health Structures: Case of Health Structures in Burkina Faso." American Journal of Science, Engineering and Technology, 7(2), 39-43. 
  32. Hermanowski. D. (2015). Open source security information management system supporting IT security audit. Paper presented at 2015 IEEE 2nd international conference on cybernetics, 336-341. 
  33. Hwang, I. & Kim, D. (2016) "The Effect of Organizational Information Security Environment on the Compliance Intention of Employee." Journal of information systems, 25(2), 51-77. 
  34. Ivanova, N., Korobulina, O. & Burak, P. (2010). "Methods of analysis for the information security audit." New Trends in Information Technologies. ITHEA, Sofia, 152-161. 
  35. Jeon, K., Jang, J. & Noh, H. (2007) "Security Auditing Check List for Web Applications." Institute for Basic Science(IBS), 18, 153-166. 
  36. Jeon, S., Lim, J., Lee, K. & Han, K. (2012) "A Study on Security Audit Checking Items for the RFIDBased Information System." Korea Society of IT Services, 11(4), 107-121. 
  37. Jeon, S., Zeelim-Hovav, A. & Lee, H (2015). "Impact of Psychological Ownership, Job Position and Awareness of Audit on Information Security Policy Compliance Intention." The Journal of Internet Electronic Commerce Research, 15(6), 39-55. 
  38. Jeon, Y., Cho, K. & Kim, W. (2006) "A Design and Implementation of Information Security Management and Audit System for Government Agencies." Journal of Internet Computing and Services (JICS), 7(5), 81-93. 
  39. Jeong, K., Kim, K., Seo, K., Ryu, K. & Kang, C. (1997) "Implementation of Audit Trail Service System for EDI Security." The KIPS Transactionsty, 4(3), 754-766. 
  40. Jeong, C. (2013) "Review of Privacy Policies of Personal Data Processors and Audit of Privacy Protection: Lessons from the EU, the UK and the US Experiences." Chosun law journal, 20(1), 3-29. 
  41. Kanatov, M., Atymtayeva, L. & Yagaliyeva, B. (2014). Expert systems for information security management and audit. Implementation phase issues. Paper presented at the 2014 Joint 7th International Conference on Soft Computing and Intelligent Systems (SCIS) and 15th International Symposium on Advanced Intelligent Systems (ISIS), 896-900. 
  42. Kim, D. & Kim, H. (2004). "Research on application of quantification model to security audit evaluation to improve information system audit quality." Journal of Information Technology Applications & Management, 11(2), 45-64. 
  43. Kim, J. & Hwang, K. (2022). "Analysis of domestic research trends in the field of information system auditing." Public Audit and Inspection Review, 37, 95-121. 
  44. Kim, M., Park, S. & Kwon, H. (2013). Research on IT audit process for information security. Paper presented at the Korean IT Service Society Conference Proceedings, 639-642. 
  45. Kim, T. (2014). "A review of domestic information protection-related laws and systems." Boannews, 2022 
  46. Kim, Y. & Nam, K. (1993). "Information system security and audit trail mechanisms." Journal of Communications and Information Security, 3(3), 67-79. 
  47. Kim, Y. & Cho, S. (2012). "Analysis of social network service research trends in the media area." informatization policy, 19(4), 3-26. 
  48. Kozlovs, D., Cjaputa, K. & Kirikova, M. (2016). "Towards Continuous Information Security Audit. REFSQ Workshops." 
  49. Lakhno, V., Akhmetov, B., Chubaievskyi, V., Desiatko, A., Palaguta, K., Blozva, A. & Chasnovskyi, Y. (2021). "Information Security Audit Method Based on the Use of a Neuro-Fuzzy System." Proceedings of the Computational Methods in Systems and Software. 171-184. 
  50. Li, Z. (2016). "Research on Information Security Audit Base on Semantic Web Ontology and Improve Vector Space Model." International Journal of Security and Its Applications, 10(12), 141-152.  https://doi.org/10.14257/ijsia.2016.10.12.12
  51. Lee, C. (2008) "A Study on industrial control system information security Auditing framework." Journal of The Korea Institute of Information Security and Cryptology (JKIISC), 18(1), 139-148. 
  52. Lee, C., Hong, S., Kang, S. & Kim, J. (2009). "The Study on the Information Security Audit Guideline for SCADA System." Informational International Interdisciplinary Journal, 12, 147-162. 
  53. Lee, D. & Park, J. (2010) "A Study on the Information System Security Audit Method for Personal Information Protection." Journal of Korea Safety Management & Science, 12(4), 107-116. 
  54. Lee, E., Park, B., Jang, S. & Lee, S. (2018) "Study on IT security audit system for e-commerce private information protection." The Korea Society of Computer and Information, 26(1), 179-182. 
  55. Lee, H. & Myung, S. (2013) "Analysis of Research Trends in domestic informatization and e-government since 2000." Informatization Policy, 20(4), 3-22. 
  56. Lee, J., Shin, S., Kim, H. & Hwang, K. (2012) "A Study on Research Framework and Research Trends in IT Service Management (ITSM) Area." Informatization Policy, 19(1), 3-24. 
  57. Lee, J., Kim, D. & Kim H. (2010) "A Design on the Information Security Auditing Framework of the Information System Audit." Journal of the Korea Society of Digital Industry and Information Management, 6(2), 233-245. 
  58. Lee, N., Lee, J. & Hwang, K. (2014) "Research framework and research trends in the field of health care information technolgy." informatization policy, 21(3), 3-32. 
  59. Lee, S. & Park, D. (2015) "A Study on Maturity Model for Improving Security Check in Information System Audit." Journal of Security Engineering, 12(2), 151-168. 
  60. Lim, J., Kim, D. & Han, K. (2008) "Securiry Audit Checking Items for the RFID-Based Information Systems." Korea Society of IT Services, 419-422. 
  61. Lin, R. & Huang, Y. (2020). Enterprise Internal Audit Data Network Security System in the Information Age. Paper presented at the International Conference on Cyber Security Intelligence and Analytics, 98-103. 
  62. Livshitz, I. I., Nikiforova, K. A., Lontsikh, P. A. & Karasev, S. N. (2016). The new aspects for the instantaneous information security audit. Paper presented at the 2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS), 125-127. 
  63. Lo, E. C. & Marchand, M. (2004). Security audit: a case study information systems. Paper presented at the Canadian Conference on Electrical and Computer Engineering 2004 (IEEE Cat. No. 04CH37513), 1, 193-196. 
  64. Lontsikh, P. A., Safonova, O. M., Koksharov, A. V., Lontsikh, N. P. & Golovina, E. Y. (2021). Remote Audit Improvement Methods in the System-oriented Information and Security Analysis. Paper presented at the 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS), 178-182. 
  65. Lu, H., Cui, X., Wang, L., Jiang, Y. & Cui, M. (2018). The Research on Security Audit for Information System Classified Protection. Paper presented at the International Conference on Cloud Computing and Security, 300-308. 
  66. Markina, I. & Diachkov, D. (2019). "Information security audit specificity." Moderni veda, 1, 13-20. 
  67. Min, H. & Lee, H. (2016). The need to redefine the concept of information security auditing. Paper presented at the Korea Society of IT Services Conference Proceedings, 293-294. 
  68. Muneeb-ul-Hasan, S. H. O. & Arshad, M. M. (2019). "A Conceptual Framework of Information Security Database Audit and Assessment." International Journal of Innovative Computing, 9(1), 7-13. 
  69. Nastase, F. & Nastase, P. (2007). "Information Security Audit in e-business applications." Informatica Economica, 11(1), 79-87. 
  70. NIA (2022). National informatization white paper. 
  71. NCSC (2022). National Cyber Security Center Guideline 2022. 
  72. Office of Government Commerce(OGC). (2007). ITIL V3. Service Design. 
  73. Othman, N. A. A., Norman, A. A. & Kiah, M. L. M. (2021). "Information System Audit for Mobile Device Security Assessment." 2021 3rd International Cyber Resilience Conference(CRC), 1-6. 
  74. Palvia, P., Chau, P., Kakhki, M.D., Ghoshal, T., Uppala, V. & Wang, W. (2017). "A Decade Plus Long Introspection Of Research Published In Information & Management." Information & Management, 54(2), 218-227. 
  75. Pathak, J. (2006). "Internal audit and corporate governance: A program for information security review audit." The EDP Audit, Control, and Security Newsletter, 31, 1-13. 
  76. Pereira, T. & Santos, H. (2010). "An audit framework to support information system security management." International Journal of Electronic Security and Digital Forensics, 3(3), 265-277. 
  77. Pereira, T. & Santos, H. (2011). "Description of a Practical Application of an Information Security Audit Framework." Paper presented at the European Conference on Cyber Warfare and Security, 315. 
  78. Popa, M. (2010). "Requirements for Development of an Assessment System for IT&C Security Audit." Journal of Mobile, Embedded and Distributed Systems, 2(2), 56-64. 
  79. Popa, M. & Doinea, M. (2007). "Audit Characteristics for Information System Security." Informatica Economica, 11(4), 103-106. 
  80. Popescu, G., Popescu, V. A. & Popescu, C. R. (2007). "Information systems security audit." Manager Journal, 6(1), 81-88. 
  81. Popescu, G., Popescu, V. A. & Popescu, C. R. (2008). "Conducting an information security audit." Manager Journal, 7(1), 76-82. 
  82. Quanxiu, H. & Guangying, C. (2011). "Research of security audit of enterprise group accounting information system under internet environment." Paper presented at the 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), 516-519. 
  83. Radu, R. I. & Isai, V. (2014). "Determination of the Effectiveness of Information Security and Audit Accounting IT Informational Program." Annals of the University Dunarea de Jos of Galati: Fascicle: I, Economics & Applied Informatics, 20(2), 93-98. 
  84. Raggad, B. G. & Collar, E. J. (2006). "The Simple Information Security Audit Process: SISAP." International Journal of Computer Science and Network Security, 6(6), 189-198. 
  85. von Roessing, R. (2005). Improving the IT Security Audit Framework: Standards, Common Ground, and Strategic Alignment. Proceedings of Security and Protection of Information 2005, 25-32. 
  86. Roratto, R. & Dias, E. D. (2014). "Security information in production and operations: a study on audit trails in database systems." JISTEM-Journal of Information Systems and Technology Management, 11, 717-734. 
  87. Rudowski, M. & Tarnowska, K. (2016). "Decision support system for information systems security audit (WABSI) as a component of IT infrastructure management." Information Systems in Management, 5(3), 389-400. 
  88. Rytov, M. Y., Leksikov, E. V., Sakalo, V. I. & Kovalev, P. A. (2017). "The Use of Fuzzy Cognitive Modelling to Manage Information Security Audit of Information Portals of Regional Executive Authorities." Journal of Physics: Conference Series, 803, 1-5. 
  89. Ryu, K., Kim, K., Yoon, S. & Lee, Y. (1997) "Design of intrusion detection and audit tracking system using information security computer network events." Information Processing Society Journal, 4(9), 2342-2353. 
  90. Salihu, A. & Berisha-Hoti, X. (2019). "The Effect of IT Audit on Security Incidents." International Journal of Scientific & Technology Research, 8(8), 1342-1347. 
  91. Satoh, N. & Komoda, N. (2005). A labor time estimation model for the information security audit by quantitative analysis I and regression analysis. Paper presented at the 4th WSEAS International Conference on E-Activities, 136-141. 
  92. Satoh, N. & Samejima, M. (2019). "Risk words suggestion for information security audit by Bayesian inference." Electronics and Communications in Japan, 102(1), 42-48. 
  93. Schryen, G., Benlian, A., Rowe, F., Gregor, S., Larsen, K., Petter, S. & Yasasin, E. (2017). "Literature reviews in IS research: What can be learnt from the past and other fields?" Communications of the Association for Information Systems, 41(30), 759-774. 
  94. Shakya, S. & Gupta, A. (2017). "Concerns on Information System and Security Audit". Journal of Advanced College of Engineering and Management, 3, 127-135. 
  95. Schultz, V., Kulba, V. & Shelkov, A. (2014). "Information security audit of automated control systems." Trends and management, 4, 319-334. 
  96. Singleton, T. W. & Singleton, A. J. (2008). "The potential for a synergistic relationship between information security and a financial audit." Information Security Journal: A Global Perspective, 17(2), 80-86. 
  97. Smith, G. (2007). "Greatest IT audit and security risks of 2006." Journal of Corporate Accounting & Finance, 18(4), 43-48. 
  98. Stafford, T., Deitz, G. & Li, Y. (2018). "The role of internal audit and user training in information security policy compliance." Managerial Auditing Journal, 33(4), 410-424. 
  99. Stafford, T., Gal, G., Poston, R., Crossler, R. E., Jiang, R. & Lyons, R. (2018). "The role of accounting and professional associations in it security auditing: An AMCIS panel report." Communications of the Association for Information Systems, 43(1), 482-493. 
  100. Steinbart, P. J., Raschke, R. L., Gal, G. & Dilla, W. N. (2013). "Information security professionals' perceptions about the relationship between the information security and internal audit functions." Journal of Information Systems, 27(2), 65-86. 
  101. Steinbart, P. J., Raschke, R. L., Gal, G. & Dilla, W. N. (2018). "The influence of a good relationship between the internal audit and information security functions on information security outcomes." Accounting, Organizations and Society, 71, 15-29. 
  102. Suduc, A. M., Bizoi, M. & Filip, F. G. (2010). "Audit for information systems security." Informatica Economica, 14(1), 43. 
  103. Surcel, T. & Amancei, C. (2007). "The Information Security Management System, Development and Audit." Informatica Economica, 11(4), 111-114. 
  104. Surcel, T. & Amancei, C. (2011). "A Progressive Improvement of the Integrated System for Academic Management through Information Security Management System Audit and Metrics." Academy of Economic Studies. Economy Informatics, 11(1), 132-141. 
  105. Tanriverdi, H., Bertsch, J., Harrison, J., Hsiao, P. L., Mesuria, K. S. & Hendrawirawan, D. (2006). "AlphaCo: A Teaching Case on Information Technology Audit and Security." Journal of Digital Forensics, Security and Law, 1(1), 45-68.
  106. Tofan, D. C. (2011). "The Security Audit Within Information Systems." Paper presented at the 6th International Conference on Knowledge Management: Projects, Systems and Technologies, 18. 
  107. Vieira, T. & Serrao, C. (2016). "Web applications security and vulnerability analysis financial web applications security audit a case study." International Journal of Innovative Business Strategies (IJIBS), 2(2), 86-94. 
  108. Voevodin, V. A., Markina, M. S. & Markin, P. V. (2020). "Determination of the weight of audit evidence by the method of point ratings in the information security audit." Computational Nanotechnology, 1, 57-62. 
  109. Warigon, S. (1999). "Information Security and Audit Implications of Electronic Money." EDPACS, 26(7), 12-15.  https://doi.org/10.1201/1079/43244.26.7.19990101/30237.3
  110. Wen, C. C. K., Othman, S. H. & Sirat, M. M. (2018). "Development of Metamodel on Information Security Risk Audit and Assessment for IT Assets in Commercial Bank." International Journal of Innovative Computing, 8(2), 23-32. 
  111. Westland, J. (2021). "Assessing Privacy and Security of Information Systems from Audit Data." Information Systems Frontiers, 1-18. 
  112. Yen, J., Lim, J., Wang, T. & Hsu, C. (2018). "The impact of audit firms' characteristics on audit fees following information security breaches." Journal of Accounting and Public Policy, 37(6), 489-507. 
  113. Yoon, S., Jang, E. & Kwon, H. (2003) A study on security audit process model of web-based system. Paper presented at the Korea Society of IT Services Conference Proceedings, 407-412. 
  114. Yu, G. & Gao, P. (2013). Risk-Based Information Security Audit Applied Research in the Power Industry. Paper presented at the 2013 International Conference on Control Engineering and Communication Technology. 176-179. 
  115. Yu, W., Han, K., Kim, D. & Kim, H. (2014) "Audit model for information protection in hospital information systems." Digital convergence, 12(7), 133-145. 
  116. Zhou, X. (2020). Improvement of information System Audit to Deal With Network Information Security. Paper presented at the 2020 International Conference on Communications, Information System and Computer Engineering (CISCE). 93-96. 
  117. Zorkadis, V. & Siougle, E. (2001). Information Security and Privacy Audit Modeling. Paper presented at the 5th world multiconference on Circuits, Systems, Communications and Computers.