Browse > Article
http://dx.doi.org/10.14400/JDPM.2014.12.1.229

An Audit Model for Information Protection in Smartwork  

Han, Ki-Joon (Dept. of Computer Science and Engineering, Kunkuk University)
Kim, Dong-Soo (Graduate School of Information and Telecomunications, Konkuk University)
Kim, Hee-Wan (Division of Computer Engineering, Shamyook University)
Publication Information
Journal of Digital Convergence / v.12, no.1, 2014 , pp. 229-239 More about this Journal
Abstract
Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.
Keywords
smartwork; information protection; audit model; check items;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Hae Soo Hwang, Ki Hyuk Lee, A study on the mobile security model for secure smartwork, Review of KIISC 21(3), pp.22-34, 2011
2 Hyung Chan Lee, Jung Hyun Lee, Ki Wook Son, Smartwork security threats and countermeasures, Review of KIISC 21(3), pp.12-21, 2011
3 Ho Sun Yun, Sung Back Hong, Hyung Yul Yum, In Jae Kim, Mobile VPN structure suitable for smartwork environments, Journal of Advanced Information Technology and Convergence(JAITC) 9(5), pp.159-166, 2011
4 National Information Society Agency, u-Work Service Activation Support Project, National Information Society Agency, 2007
5 Ji Yong Lee, Dong Soo Kim, Hee Wan Kim, A design of the information security auditing framework of the information system audit, Korea society of digital industry and information management 6(2), pp.233-245, 2010.
6 Dong Soo Kim, Nam Jae Jun, Hee Wan Kim, Design of financial information security model based on enterprise information security architecture, Korea society of digital industry and information management 6(4), pp.307-317, 2010.
7 Ho Ik Jang, Ho Hyun Han, Nam Yong Lee, Jang Hee Jo, A study on the selection model of information protection management system control items, The journal of korea information and communications society 35(8), pp. 195-204, 2010
8 Korea Communications Commission Notice 2010-3, Notice regarding information security management system certification, Korea Communications Commission, 2010
9 Hee Myung Lee, Jong In Lim, A study on the development of corporate information security level assessment models, Review of KIISC 18(5), pp.161-170, 2008   과학기술학회마을
10 Myeong Soo Jeong, Dong Bum Lee, Jin Kwak, An analysis of smartwork security threats and security requirements, Korea institute of information security and cryptology 21(3), pp.55-63, 2011
11 Ministry of Security and Public Administration, Smartwork promotion plan, Ministry of Security and Public Administration, 2010
12 National Information Society Agency, National Information white papers, National Information Society Agency, 2011
13 FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems, NIST, 2006.
14 FIPS PUB 200, Minimum Security Requirements for Federal Information Systems and Organizations, NIST, 2006.
15 ISO/IEC 27000, Information technology-Security techniques - Information security management systems - Overview and Vocabulary, ISO, 2009.
16 National Information Society Agency, CIO Report 26 Smart phones and mobile office security issues and response strategies, National Information Society Agency, 2010
17 Korea Communications Commission, introduction, operation guidebook of smartwork for enterprise, Korea Communications Commission, 2011