http://dx.doi.org/10.13089/JKIISC.2015.25.4.933

A Study on Improvement of Inspection Items for Activation of the Information Security Pre-inspection  

Choi, Ju Young (Seoul Women's University)
Kim, JinHyung (Korea Internet & Security Agency)
Park, Jung-Sub (Korea Internet & Security Agency)
Park, Choon Sik (Seoul Women's University)
Abstract
IT environments such as IoT, SNS, Big Data and cloud computing are changing rapidly. These technologies layer new technologies on top of existing ones and increase the complexity of information systems. Accordingly, they require enhanced security functions for new IT services. Information Security Pre-inspection aims to assure stability and reliability for the users and suppliers of new IT services by proposing a development process that considers security from the design phase onward. The existing 'Information Security Pre-inspection' (22 domains, 74 control items, 129 detail items) consists of 6 stages (Requirements Definition, Design, Training, Implementation, Test, Sustain). Pilot tests were executed at one IT development company to verify its effectiveness. Consequently, some inspection items showed a need for improvement and reconstitution. This paper studies the activation of 'Information Security Pre-inspection', which aims to construct a prevention system for new information systems. As a result, an improved 'Information Security Pre-inspection' is suggested, with 16 domains, 54 inspection items and 76 detail items that incorporate the identified improvement and reconstitution needs.
Keywords
Information Security Pre-Inspection; Security Development Lifecycle
Citations & Related Records
Times Cited By KSCI: 1