• Journal of the Korea Safety Management & Science
• /
• v.7 no.5
• /
• pp.135-153
• /
• 2005

자가통제평가(CSA : Control Self Assessment)는 핵심사업 목적을 달성하는데 개입되는 위험 그리고 그러한 사업위험을 관리하기 위하여 설계된 내부통제를 공식적이고 문서화된 협력적 프로세스에 의하여 검토하기 위하여 사용되는 방법론이다. 현재 많은 기업에서 효과적인 조직통제와 비즈니스 프로세스 개선을 위하여 전문 감사인과 경영인들이 기업지배구조 조직의 강력한 위험관리 도구로서 자가통제평가의 필요성을 강조하고 있다. 자가통제평가는 해당 조직의 담당부서나 팀에서 내부통제평가를 통하여 내부통제상의 재무보고, 준법, 사업 및 운영상의 효율성 등을 확보하기 위해서 설치되며, 효과적인 모니터 장치로서 기업지배구조상의 업무 프로세스를 정비하고 업무에서 발생하는 제반 정보의 흐름을 원활하게 해서 조직에게 손해가 발생할 수 있는 여러 가지 위험으로부터 회사를 사전에 차단하는 기능을 한다. 이러한 부분에서 효과적인 자가통제평가 시스템을 구축하는 것이 중요할 것이다. 본 연구에서는 e-Business 관련 기업지배구조의 안전성을 확보하기 위한 자가통제평가 모델에 대한 개발 필요성과 관련 자가통제평가 세가지 기본 모델들을 통하여 장단점을 제시하고, 자가통제평가 모델의 필요성을 논의하였다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.317-321
• /
• 2002

최근 Firewall, IDS와 같은 응용프로그램 수준의 보안 제품은 내부서버 자체의 취약성을 방어하지 못한다. 본 논문에서는 TCSEC C2급에 해당하는 보안성을 가지는 리눅스를 LKM(Loadable Kernel Module) 방법으로 B1급 수준의 다중등급 보안을 구현하였다, 따라서 구현된 다중등급 보안 리눅스 커널의 주요 기능을 기술하고, 시험 평가로서 강제적 접근제어, 성능 및 해킹 시험을 실시하였다. 구현된 보안 커널 기반의 리눅스 운영체제는 B1급의 요구사항을 만족하며, root의 권한 제한, DB를 이용한 실시간 감사추적, 해킹차단, 통합보안관리등의 추가적 기능을 제공한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2010.05a
• /
• pp.345-346
• /
• 2010

기업은 개인정보의 보호를 위해 다양한 방안들을 마련해 이러한 규제를 준수하며 내부에 관리중인 개인정보에 대해 보안을 강화하기 위해 빠르게 보안 솔루션을 도입하고 있다. 이에 수많은 데이터들이 저장되어 사용되고 있는 DBMS 측면에서 이러한 규제를 준수하는 동시에 효과적으로 데이터 보안을 확보하기 위한 방안을 암호화, 접근제어, 감사로 구분하여 각각의 대한 구현방법 및 해당 솔루션들을 비교하여 이를 통해 최적의 데이터 보안 방안을 모색할 수 있도록 한다.

• Management & Information Systems Review
• /
• v.33 no.1
• /
• pp.173-190
• /
• 2014

According to COSO(2013) "Internal control is a process that is designed to provide reasonable assurance that a firm can achieve its objectives, where differing aspects of internal control can be partitioned into operating objectives, reporting objectives, and compliance objectives." Internal control over financial reporting(ICFR) is focus on reporting objectives and includes that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company's assets that could have a material effect on the financial statements. Thus, firms with weak ICFR have negative a effect on Firm value because those firms are great likelihood of misappropriation and inefficiency decision. In this regard, this study investigates the association of ICFR with the likelihood of firm failure. Specially, I measure the characteristic of ICFR as disclosures of material weaknesses and operating personnel of ICFR. I identify the likelihood of firm failure as going-concern opinion issued in audit report. As result, I find that a higher probability of firm failure is positively associated with the material weakness in ICFR also I find that a higher probability of firm failure is negatively associated with experience and qualified CPA of personnel in ICFR.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.302-305
• /
• 2017

최근 시간과 장소에 얽매이지 않고, 언제 어디서나 편리하게 근무함으로써 업무효율성을 향상시킬 수 있는 업무환경 개념인 스마트워크(Smartwork)가 각광을 받고 있다. 그러나 스마트워크 환경에서는 모든 업무가 정보통신망과 정보시스템을 통해 처리되기 때문에 정보유출 위협이 존재한다. 또한, 디지털 포렌식 분야에서 조사 및 수사대상이 점점 다양화되고 있다. 내부정보 유출과 같은 보안사고 발생 후, 디지털 증거는 대부분 제한적으로 수집될 수밖에 없으며, 전문업체 의뢰 시 높은 의뢰비용과 장기간의 분석 시간이 소요된다. 기존의 내부정보 유출 방지 시스템에만 의존할 것이 아니라, 유출 행위 탐지에 중점을 둔 선제적 감사 활동을 수행하기 위한 디지털 포렌식 준비도가 필요한 상황이다. 따라서, 본 논문에서는 다양한 디지털 포렌식 준비도 관련 모델들에 대한 분석을 기반으로 미래 스마트워크 환경에서 보안사고에 대응하기 위한 디지털 포렌식 준비도 모형을 연구하였다.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.7 no.4
• /
• pp.97-106
• /
• 2008

This proposed system is a part of internal control system that national highway need to support their ITS information audit. This paper explains the design and implementation of a packet interceptor and a DB query analyzer. The packet interceptor sniffs users' query packets, and then the DB query analyzer parses the SQL queries and stores the users' DB access information such as SQL queries, access data and changing data. The information may be used as the evidences on internal control of users and users' accesses.

• Journal of Advanced Navigation Technology
• /
• v.18 no.5
• /
• pp.494-500
• /
• 2014

Recently the leak of personal information from in-house and contract-managed companies has been continually increasing, which leads a regular observation on outsourcing companies that perform the personal information management system to prevent dangers from the leakage, stolen and loss of personal information. However, analyzing many numbers of computers in limited time has found few difficulties in some circumstances-such as outsourcing companies that own computers that have personal information system or task continuities that being related to company's profits. For the reason, it is necessary to select an object of examination through identifying a high-risk of personal data leak. In this paper, this study will formulate a proposal for the selection of high-risk subjects, which is based on the user interface, by digital forensic. The study designs the integrated analysis tool and demonstrates the effects of the tool through the test results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.79-90
• /
• 2017

If digital forensic investigators can utilize file access logs when they audit insider information leakage cases or incident cases, it would be helpful to understand user's behaviors more clearly. There are many known artifacts related to file access in MS Windows. But each of the artifacts often lacks critical information, and they are usually not preserved for enough time. So it is hard to track down what has happened in a real case. In this thesis, I suggest a method to utilize SACL(System Access Control List) which is one of the audit functions provided by MS Windows. By applying this method of strengthening the Windows's audit settings, even small organizations that cannot adopt security solutions can build better environment for conducting digital forensic when an incident occurs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1271-1284
• /
• 2014

This paper classifies technical, administrative and physical areas of defects and advices made by an external audit (ISO27001) and internal audit (performed by a security team) in a company which has the management system of information security. With the classified data it finds the correlation between the budget and investment of information security, and analyze the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between a administrative area and technical area of security. Specially, it has been confirmed that the relation between the scale of the budget which is not executed and the number of the defects and advices made by the audit is in direct proportion. Therefore, in this paper, so as to provide a model that can be used for validating the effectiveness of the protective investment information by statistically calculating the similarity based on the results of correlation analysis. This research is intended to help that a company makes a precise decision when it establishes a policy of information security and systematic methodology of the investment in information security.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.1-8
• /
• 2005

Network event analysis gives useful information on the network status that helps protect attacks. It involves finding sets of frequently used packet information such as IP addresses and requires real-time processing by its nature. Apriori algorithm used for data mining can be applied to find frequent item sets, but is not suitable for analyzing network events on real-time due to the high usage of CPU and memory and thus low processing speed. This paper develops a network event audit module by applying association rules to network events using a new algorithm instead of Apriori algorithm. Test results show that the application of the new algorithm gives drastically low usage of both CPU and memory for network event analysis compared with existing Apriori algorithm.