http://dx.doi.org/10.13089/JKIISC.2022.32.1.109

A Study on the Efficiency of Auditing for Security Vulnerabilities in the Public Sector  

Kim, Hyun-seok (The Board of Audit and Inspection of Korea)
Abstract
The purpose of information security activities is not only to find the cause and take follow-up measures after damage caused by hacking, but also, through periodic preventive activities, to reduce the large-scale material and human accidents that could result from hacking damage to important systems such as control systems. For this reason, each institution uses a security audit model in accordance with the relevant regulations, but constraints on manpower and time make it difficult to conduct organization-wide inspection activities. In this paper, we therefore analyze the major vulnerabilities of public institutions over the past 10 years and, in comparison with the models used for domestic and foreign security audits, present a security audit model that can perform security activities efficiently.
Keywords
Security Audit; Audit Model; Vulnerability Analysis