• Title/Summary/Keyword: COBIT

Influential Factors for COBIT Adoption Intention: An Empirical Analysis

  • Jo, Yoon-Sung;Lee, Jung-Hoon;Kim, Jae-Min
    • International Journal of Contents / v.6 no.4 / pp.79-89 / 2010
  • In recent years, IT organizations have been in the process of introducing IT Governance as the concept and measure of transparency, accountability and effectiveness of IT activities and control for managing governance processes. In this paper, the influential factors for IT organizations to adopt COBIT (The Control Objectives for Information and related Technology), which is a typical framework for effective IT Governance execution, were classified and analyzed empirically into internal and external factors. Internal factors were designed based on influential factors in the theory of innovation diffusion, and external factors were designed based on influential factors from outside certification, which were absent in COBIT, and expertise support from the outside. The result of this study showed that understandability, transition and effectiveness, which were internal factors, had no effect on COBIT introduction, and only expertise support, among certification and expertise support, which were external factors, had significant effects. This result shows that there is a lack of COBIT support and introduction in internal IT organizations. It is expected that the result of this study will allow a strategic approach to COBIT adoption in the future by verifying influential factors of COBIT introduction within IT organizations.

A Preliminary Study on the Integration of Information Security Elements: Focusing on the Mapping between COBIT 4.1 and ISO/IEC 27002:2005

  • Kim, Jeong Hyun
    • Review of KIISC / v.23 no.4 / pp.15-21 / 2013
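  • As the importance of information security in the corporate business environment has grown, so has the need for standards and benchmarks related to information security. Well-known standards of this kind include ISO/IEC 27001, ISO/IEC 27002, PCIDSS, ITIL, and COBIT. This paper briefly examines the information security elements of COBIT 4.1, which as an IT governance framework can serve as a broad-scope information security platform, and of ISO/IEC 27002, which contains detailed best practices for information security, and maps them to each other in order to suggest a direction for integrating a "high-level" framework with a "low-level" methodology.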

The Impact of The Maturity of IT Management Standard Processes on IT Outsourcing Performance: A Field Case Study

  • An, Joon M.;Kim, Kyoung M.;Kim, Yong J.
    • Informatization Policy / v.17 no.1 / pp.102-119 / 2010
  • This study explores the effects of standardized management processes such as COBIT and ITIL on the success of IT outsourcing by utilizing an exploratory case study. The exploratory model includes the maturity of ITIL and COBIT processes and the success of IT outsourcing. For each construct of the model, several measures are developed from preceding research and confirmed in the context of the cases utilized for this study. It is found that the maturity of the processes supported by ITIL and COBIT is critical for the success of IT outsourcing in this study. These results confirm the current popularity of the standardized processes adopted in practice and also require further research endeavors in this control or management process in the future. It should include any other processes and related activities to the control process in the relationship of IT outsourcing.

The Measurement Model for the Evaluation of Information Systems Service: The Case of Chinese SI Company

  • Lee, Sang-Jae;Lim, Gyoo-Gun
    • Journal of Information Technology Services / v.10 no.2 / pp.141-162 / 2011
  • The controls of Information Systems (IS) have become a more critical issue as the sophistication and integration of IS have progressed. ITGI (The Information Technology Governance Institute) of ISACA (Information Systems Audit and Control Association) has suggested COBIT (Control Objectives for Information and related Technology), and this has been widely recognized as the evaluation model of IS controls. In COBIT, IS was evaluated in terms of process, information quality, and IT resources. This study used COBIT in order to suggest and empirically test an evaluation model of IS service. The data was collated from one major Chinese SI (Systems Integration) company in four domains of processes: planning and organization, acquisition and implementation, delivery and support, and monitoring. Seven factors are extracted using an exploratory factor analysis as follows: overall IT planning process, technological assessment process in IT planning of IT, cost-benefit assessment process in IT planning, implementation process, support process, monitoring process, post-implementation evaluation process. The results of confirmatory analysis of three alternative measurement models indicated that the measurement model with one inherent or conceptual variable has greater model fitness than the other models. This study suggests the logical and general way to test and apply COBIT in evaluating IS services.

Risk Management interaction model for Process of Information Security Governance

  • Song, You-Jin
    • KIPS Transactions on Computer and Communication Systems / v.1 no.2 / pp.103-108 / 2012
  • Recently, IT Governance has been applied to the business management environment. In this paper, we study a business model that can minimize information security risk using IT governance in a cloud computing environment. In particular, we propose an interaction model that links risk management for the subject of information security governance. In our model, synergy means effective, strategic and secure business support. An interaction analysis of BMIS's 4 elements and 6 dynamic interconnections is required. Therefore, we propose an interaction model which can link risk management based on COSO ERM or the COBIT Risk IT Framework.

A Study on Measuring Information Security Maturity Using the COBIT Framework - Focusing on the Information Security Governance Perspective -

  • Cho, Hee-Joon;Park, Sung-Kap;Min, Dae-Hwan
    • Review of KIISC / v.23 no.4 / pp.22-28 / 2013
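  • Because of the importance of information security, public institutions and private companies establish and operate information security management systems or carry out information security activities. However, the practical problem is that performance measurement for information security management systems and information security activities has unclear criteria or no clear criteria at all. Because appropriate performance measurement is not carried out as a result, it is not only impossible to measure the current level of information security correctly, it is also difficult to improve performance accordingly. By using the information security maturity model of the COBIT framework and linking it with the information security governance perspective, this study aims to present concrete measurement indicators for information security performance. The significance of this study lies in using concrete measurement indicators for information security performance to identify the current level of information security and, further, to improve it.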

Research on Integrated Management of ISMS: Comparative Analysis of IT Disaster Recovery Framework

  • Bak, Yurim;Kim, Byungki;Yoon, Ohjun;Khil, Ara;Shin, Yongtea
    • KIISE Transactions on Computing Practices / v.23 no.3 / pp.177-182 / 2017
  • To develop computer and communication in the information society, difficulties exist in managing the enormous data manually. Also, loss of data due to natural disasters or hacker attacks generates a variety of disasters in IT security. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO/IEC 27001:2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

A Study on the Information System Operation Plan for the Mobile Environments Construction

  • Kim, Dong Soo;Kim, Hee Wan
    • Journal of Service Research and Studies / v.4 no.2 / pp.21-35 / 2014
  • The mobile environment, which is based on the Internet, is expanding the area of web information systems. The mobile Internet is expanding mobile content and services due to the development of wireless network technology, the proliferation of smart terminal devices, and the emergence of a variety of mobile services platforms. The mobile web is access to Internet services over a mobile network or other wireless network using a smartphone or a mobile device. Recently, smartphone usage has been increasing rapidly in the country, and many companies are entering the mobile market. There is an increasing need for an operation plan for mobile web information systems. In this paper, we compared COBIT, ITIL, and the SLA, which are international information systems operation standards, and the information system operation standards of the Korea Information Security Agency. We analyzed the suitability of the mobile environment and information system operating instructions, and we compared mobile web, operating environments and ITIL V3.

A Study on Analysing Framework of Information Security Management Systems for Managing Business Risk

  • Kim, Min-Sun
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.2 / pp.703-708 / 2010
  • Various information sources and the increasing vulnerabilities of information systems could increase the risks of a business. The successful management of business risks depends on an appropriate level of risks in business. Business risk management would be conducted in terms of financial risk management and information security management. The financial management and the information security management could not achieve an integrated business risk management. For developing the integrated business risk management, this study analyzes the various information security management systems such as ISMS, EA, ISO27001, COBIT, SPICE, and Auditing. This study analyzes information security systems, which could be utilized in developing business risk management.

A Theoretical Comparative Study of Human Resource Security Based on Korean and Int'l Information Security Management Systems

  • Rha, Hyeon-Dae;Chung, Hyun-soo
    • Journal of Convergence Society for SMB / v.6 no.3 / pp.13-19 / 2016
  • In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have evolved and new information security threats have occurred. As information security incidents occurred in major public agencies, financial institutions and companies, the importance of human security was emphasized. Thus, implementing an information security management system could protect against hacks and security breaches and respond quickly to accidents, so that it minimizes the size of the loss. In this paper, a comparison of the human security controls shown in the main information security management systems, such as ISO27001, COBIT, NIST 800-53, K-ISMS, and Cyber Security Framework, was analyzed, and security implications for effective controls of human resources security issues were proposed.