• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Journal of Information Technology Services
• /
• v.11 no.4
• /
• pp.107-121
• /
• 2012

The core infra-technology in the ubiquitous era, RFID which has taken action from the public institution with the pilot projects as well as the practical projects is gradually extending its spectrum to the private enterprises. Along with its expansion, the audit required on the RFID-based information system is also growing in the industry. Especially, since RFID-based information systems, especially compared to other information systems, are likely to be exposed to many threats, the security audit for them is being emphasized. This paper suggests security audit checking items for the RFID-based information system, which can be used to perform the efficient security audit. The security audit checking items consist of eight basic checking items, each of which consists of detailed review items and can be applied for each building steps of the system(analysis, design, implementation, testing, and development). Finally, this paper confirmed the efficiency of the security audit checking items proposed in this paper through survey by the experienced auditors and analysis of practical audit cases.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.3
• /
• pp.754-766
• /
• 1997

In this paper,we implement the Audit Trail Service Sydtem for the EDI Security.It has solved a law dispute between enterprises by informations that have generated by the EDI serice systrm.The audit trail service sys-tem implemented for EDI security satisfied the requirements of audit and the protocol of the security serive of X.435 and X.400.The EDI Security Audit System consists of the event discrimiator,the audit recirder,the audit archiver,and the provider of audit services .The event discriminator classified the reansmitted data from the EDI network ot audit sercices.The audit recorder constructs an index that has combined time information wiht audit unformations which are classified by the event discriminator.ZThe audit archiver performas the vacumming of added audit imformations by passing time by passing time.The audit provider is a module that carries out the audit trail servies by using stored audit informations. The audit provider suports audit servies,which are non-requdiation,proof and probe,controller of security,and accesing infrimation.The audit trail service system for EDI security constructs audit information by using index that is combining time imfromation,so it supports especially fast accesing audit information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

• Korean Security Journal
• /
• no.5
• /
• pp.109-130
• /
• 2002

As proceeding Munmin and Kukmin's government, it is to bring in regionalism of genernal public administration and police administration, specialization, efficiency issue, demand inventing of audit technique to meet this trends. Especially, according to supporting qualitative improvement of the audit, its environment faced that orienting performance audit emphasis on not the legality but the efficiency more systematic and scientific theory or technique. In order to attain police audit's efficiency through performance audit, this study discussed that scientific management techniques should be applied police audit. Accordingly, the primary purpose of this study is to apply public audit to scientific management technique, bring to light limits in public sector(especially, police sector). To be efficiency audit(namely, performance audit), 1) OR techniques are explained linear programming, network modeling, PERT/CPM, queuing matrix model, simulation, 2) Statistical analysis methods are argued delphi technique, data envelopment analysis(DEA), analytic hierarchical process(AHP), time series analysis models etc.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Informatization Policy
• /
• v.30 no.4
• /
• pp.3-39
• /
• 2023

With the growing importance of information/information system, information security is emphasized, and the significance of information security audit as a tool for maintaining the proper security level is increasing as well. The objectives of the study are to identify the overall research trends and to propose future research areas by analyzing domestic and overseas research in the area. To achieve the objectives, 103 research papers were analyzed based on both general and subject-related criteria. The following are the major research results : In terms of research approach, more empirical studies are needed; For subject "Auditor," studies to develop a framework for related variables (e.g., capability) are needed; For subject "Audit Activities/Procedures," future research should focus on the process/results of detailed audit activities; Future domestic research for "Audit Areas" should look for the new technology/industry/security areas covered by foreign studies; For "Audit Objective/Impact," studies to define the variables (e.g., performance and quality) systematically and comprehensively are needed; For "Audit Standard/Guidelines," research on model/guideline needs to be continued.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1271-1284
• /
• 2014

This paper classifies technical, administrative and physical areas of defects and advices made by an external audit (ISO27001) and internal audit (performed by a security team) in a company which has the management system of information security. With the classified data it finds the correlation between the budget and investment of information security, and analyze the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between a administrative area and technical area of security. Specially, it has been confirmed that the relation between the scale of the budget which is not executed and the number of the defects and advices made by the audit is in direct proportion. Therefore, in this paper, so as to provide a model that can be used for validating the effectiveness of the protective investment information by statistically calculating the similarity based on the results of correlation analysis. This research is intended to help that a company makes a precise decision when it establishes a policy of information security and systematic methodology of the investment in information security.