• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.3
• /
• pp.428-434
• /
• 2020

Recently, due to the development of ICT technology, changes to the convergence service platform of information systems are accelerating. Convergence services expanded to cyber systems with 5G communication, IoT, AI, and cloud are being reflected in the real world. However, the field of cybersecurity audit for responding to cyber attacks and security threats and strengthening security technology is insufficient. In this paper, we analyze the international standard analysis of information security management system, security audit analysis and security of related systems according to the expansion of 5G communication, IoT, AI, Cloud based information system security. In addition, we design and study cybersecurity audit checklists and contents for expanding security according to cyber attack and security threat of information system. This study will be used as the basic data for audit methods and audit contents for coping with cyber attacks and security threats by expanding convergence services of 5G, IoT, AI, and Cloud based systems.

• The Magazine for Energy Service Companies
• /
• s.4
• /
• pp.64-69
• /
• 2000

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.24 no.66
• /
• pp.27-35
• /
• 2001

The Gateway Server Authorization System(GSAS) presented in this thesis is a database authorization system. GSAS is responsible for user\`s authorization, and privilege management, audit service. Only users that are filtered in GSAS can access the DBMS(Data Base Management System) through middleware. GSAS is located at the DBMS and already contains an authorization record for user accessing a specific DBMS. GSAS on consists of several components, namely an authorization manager, a privilege manager, and an audit manager. As an authorization manager and a privilege manager can only approve a pass at the same time, a user can get accessibility for DBMS.

• Smart Media Journal
• /
• v.11 no.6
• /
• pp.51-63
• /
• 2022

Metaverse provides a simulated environment where a large number of users can participate in various activities. In order for Metaverse to be sustainable, it is necessary to study ethics that can be applied to a Metaverse service platform. In this paper, Metaverse ethics and the rules for applying to the platform are explored. And, in order to judge the ethicality of avatar actions in social Metaverse, the identity, interaction, and relationship of an avatar are investigated. Then, an action-based audit approach to avatar interactions (e.g., dialogues, gestures, facial expressions) is introduced in two cases that an avatar enters a digital world and that an avatar requests the auditing to subjects, e.g., avatars controlled by human users, artificial intelligence (AI) avatars (e.g., as conversational bots), and virtual objects. Pseudocodes for performing the two cases in a system are presented and they are examined based on the description of the avatars' actions.

• Journal of KIISE:Software and Applications
• /
• v.35 no.2
• /
• pp.105-117
• /
• 2008

Generally, project audit provides the service which accomplishes a project successfully by checking the management activity of information system project, indicating a controversial point and reflecting the improvement issues based on project audit check list. In addition, the projects are managed by using the project management maturity model based on process. However, the effect is not big as we except projects performance of real world. In this paper. to solve these problems, the project management maturity evaluation model which is connected with project audit check list and organizational maturity model survey items is designed. Thus, we propose the model which can improve the project performance through the project evaluation of customer's project and development part and the evaluation of organization level as we design that it is possible to not only audit the project but also evaluate it before and after the project.

• Journal of Digital Convergence
• /
• v.13 no.7
• /
• pp.183-196
• /
• 2015

In order to perform a successful outsourcing, we needs the SLA through improving the quality of IT services. In particular SLA metrics and evaluation criteria is an important factor as to substitute the IT viability of the company to promote IT Outsourcing. SLA metrics consist of technical, managerial, user perspective items, and has been managed to aim to provide reliable and continuous quality improvement of IT services. This study focuses on the HW availability metrics of SLA indicators of IT outsourcing. We propose the Infra availability criteria for the HW configuration level to meet the SLA contract and evaluation. We offer the Infra configuration standards of SLA contract, and propose criteria to determine the suitability of the target levels in IT operations audit environment. The proposed model was verified the necessity and effectiveness of the Infra configuration standards and operation audit check items through the surveys of experts and users.

• Journal of Service Research and Studies
• /
• v.7 no.3
• /
• pp.21-36
• /
• 2017

Recently in information business, managing and auditing are getting more difficult because of enlargement, intellectualization and convergence. In addition, ordering organizations have been having a difficult time choosing a service because not only there is a huge overlap between information audit system and PMO but also the work boundaries of those two are not clear enough. As the demand that a business managing and auditing frame work need to be more developed in terms of independence, quality, economic feasibility and responsibility has been increased, the Korea Association Of Information Systems Audit has been attempting to improve business management and audit system by proposing Unified Project Management Framework whose process is approximately constructed. This study introduces Unified Project Management Framework which is all-encompassing from the ordering at the very beginning of business to the operating in the post-processing step and then verifies its work scope through a comparative analysis with existing management systems. Also, this thesis examines the necessity of unification of audit system and PMO by analysing existing similar systems. At the end, this study, analyses the suitability of Unified Project Management Framework by evaluating it with IT goal frame of COBIT5 which is constructed based on BSC performance management index. The result of the analysis is expected to help people in charge understanding the features of Unified Project Management Framework before they apply it to practical business.

• Management & Information Systems Review
• /
• v.33 no.5
• /
• pp.71-84
• /
• 2014

We examine evidence on the relationship between firms that targeted by the Financial Supervisory Service for allegedly manipulating annual earnings and accounting quality measured by the discretionary accruals, an issue with important public policy implications. The main purpose of this paper is to empirically investigate the extent to which Korean WDS(Window Dressing Settlement) firms identified by the financial supervisory service in their audit review exhibit higher level of accounting quality in order to avoid any potential negative effects and to regain public confidence after audit review. In this study, we analyzed 51 WDS firms and 102 control firms which traded in the Korean Stock Exchange market during the period from 2000 to the 2010. The number of observations subject to various tests are 251 and 502 firm-years for WDS and control samples respectively across the 5 year sample period. The results of the study show that the accounting quality after auditor review be significantly improved. This result suggests that the FSS's audit review system would control the accounting quality and then improve the transparency of the accounting information. Thus it may be suggested that the current audit review system is efficient ways to lead listed firms to provide transparent financial statements.

• Information Systems Review
• /
• v.10 no.3
• /
• pp.155-183
• /
• 2008

Current trend of audit is to check the physical aspects of developed information system, such as checking the budget constraints, time constraints or functional fluency etc. However, ultimate goal of information system is to help the organization to achieve the competency over their competitors. Also, there are three different interest groups in system auditing, like audit requesting group, audited group and audit group, who may have different points of interests in auditing. Current auditing process, however, ignores this point, and so does not check the differences between three groups. This study tries to develop new auditing method to cure these two problems. Contributions of this study may be summarized as follows. First, Introduce the new indexes that can check the possibility that the information system may contribute the competency of organization. Also check the feasibility of indexes through Fuzzy AHP. Second, Divide the audit related person into three groups, and their different needs toward the information system was analyzed. Third, Analyze and compare the main interests of three groups, and weights of each groups to each indexes were calculated. Fourth, Fuzzy theory was applied to quantify the qualitative answers, which may minimize the ambiguity of questionnaire replies.