• Title/Summary/Keyword: Information System Auditing

Search Result 87, Processing Time 0.036 seconds

Identification of the Major Auditing Elements for the Development of Sewage Management System -Focusing Inchon UIS- (하수도관리시스템 개발시 중점감리항목 도출에 관한 연구 -인천시 사업을 중심으로-)

  • 김계현;민숙주;이우철;장성현
    • Spatial Information Research
    • /
    • v.8 no.2
    • /
    • pp.289-300
    • /
    • 2000
  • The development of a UIS driven by muncipal governments has been expanding through the wide application of GIS since NGIS project initiated. City of Inchon has developed a sewage management system as the first-year product of the long-term UIS project. GIS auditing process has been adopted to secure the credibility and stability, and to minimize the critical failure factors for building the sewage management system. So far, the auditing method generally used for developing information system in general purposes has been applied to the GIS field due to the absence of proper method for GIS auditing only. This study proposes major differentials in terms of the auditing between GIS and general information system based on the results from auditing Inchon´s sewage management system. The major results from this study would contribute to the establishment of the methodology and accompanying documents for the proper GIS auditing.

  • PDF

Developing the Auditing Methodology and Strategic Planning of Rural Amenity Resources Investigation (농촌어메니티 자원조사감리방법론 개발과 전략계획)

  • Seo, Bo-Hwan
    • Journal of Korean Society of Rural Planning
    • /
    • v.14 no.2
    • /
    • pp.99-110
    • /
    • 2008
  • The purposes of this paper are first, to develop and adapt auditing methodology of rural amenity resource investigation and second, to propose strategic planning of amenity web data base system. Relating with auditing methodology, we make the life cycle of rural amenity resource investigation based on value chain method. we make 8 stage of auditing process and 105 auditing items in details. We adapt these guidelines in real world and then improve developed methodology. Therefore we expect to promote the quality and accuracy of investigation project using these guidelines. Relating with blue print of strategic planning, we first analyse external environment about Competitors, Suppliers, New entrants, Buyers, Substitutes with 5 force model for amenity information system. We second make the blue print of strategic planning of amenity web data base system project. Then we propose the FIRST, BEST, MOST strategy of amenity web data base system and the web hub system.

The Design and Implementation of Test Phase Audit System (테스트 단계 감리시스템 설계 및 구현)

  • Gwon, Dae-Gon;Han, Pan-Am
    • The Transactions of the Korea Information Processing Society
    • /
    • v.7 no.5
    • /
    • pp.1409-1418
    • /
    • 2000
  • Auditing plays a very important role in the process of developing and managing good quality software. The software developing proces should be audited precisely especially in the test phase. Up to the present, because auditing has depended on the auditor's experience of developing and auditing software, it has been impossible to audit objectively. It is limited to audit systematically and objectively because auditing process isn't systematized. In this paper, the auditing model to solve several problems in present auditing is suggested, a test phase audit system is developed, and the system is applied to the actual auditing process. Consequently, software administrators can establish effective software management, software developers can be supported by a highly reliable and quality software development tool, and auditors can be offered an objective audit standard.

  • PDF

A Study on the Quality Improvement of Information System Auditing for Agile Methodology (애자일 방법론을 적용한 정보시스템의 감리 품질 향상에 관한 연구)

  • Park, Dong-Ah;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.4
    • /
    • pp.660-670
    • /
    • 2017
  • In case of auditing of the information system development project applying agile methodology, it is not appropriate to carry out a comprehensive check on the establishment of information system with only the existing check on software. This study considers the characteristics of the agile methodology in terms of Information System Auditing. To improve inspection quality of development project with agile methodology by deriving detailed check items of test activities at each stage, this study proposes a strategy to improve the check on software for the test activities of the supervisory model that is suitable for agile methodology, which emphasizes repetitive work.

Applying a Quantitative Model on Information System Security Audit Evaluation for Improving Auditing Quality (정보시스템 감리품질향상을 위한 보안감리평가에의 정량화모델 적용 연구)

  • 김동수;김현수
    • Journal of Information Technology Applications and Management
    • /
    • v.11 no.2
    • /
    • pp.45-64
    • /
    • 2004
  • Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

  • PDF

Information security auditing Framework in Industrial control system (산업제어시스템 정보보안 감리 프레임워크 연구)

  • Lee, Chul-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.139-148
    • /
    • 2008
  • Information technology have led to change the automation of large industrial control system as well as business system and environments. Industrial control system(ICS) is vital components of most nation's critical infrastructures such as electricity, natural gas, water, waste treatment, transportation and communication that are based of national security, safety of citizen and development of national economy According to the change of business environment, organizational management pushed integration all of the system include MIS and ICS. This situation led to use standard information technologies for ICS, this transition has been to expose ICS to the same vulnerabilities and threats that plague business system. Recently government obliged owners of the public information system to audit for safety, efficiency and effectiveness, and also obliged the owners of national infrastructure to improve their system security as a result of vulnerability analysis. But there doesn't prepare a security architecture and information security auditing framework of ICS fur auditing. In this paper, I suggested the security architecture and information security auditing framework for ICS in order to prepare the base of industrial system security auditing.

Efficient and Secure Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy

  • Yu, Haiyang;Cai, Yongquan;Kong, Shanshan;Ning, Zhenhu;Xue, Fei;Zhong, Han
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.10
    • /
    • pp.5039-5061
    • /
    • 2017
  • Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

A Study on the Evaluation of Internal Controls Factors in Information System : Focused on Auditors Personal Factors (정보시스템 내부통제요소 중요도 평가에 관한 연구 : 감사 개인적 요인을 충심으로)

  • 이명호;이우형;김재학
    • Korean Management Science Review
    • /
    • v.19 no.1
    • /
    • pp.39-54
    • /
    • 2002
  • With increasing use of the computers and rapid progress of system technology, the Judgment Process of information system auditors is exacerbated and the auditing environment is becoming very complex. Therefore, with limited resources, to achieve the ultimate goals of control & auditing, it is absolutely necessary for the auditors to Identify the relative importance and priority order of controls Accordingly. the auditors'review and evaluation of the internal control are becoming the Important issues in our modern auditing Process. The objectives of this paper are to identify the crucial and important control factors that are necessary for the control system, end to analyze the relative importance of the internal controls.

Penetration Testing and Network Auditing: Linux

  • Stiawan, Deris;Idris, Mohd. Yazid;Abdullah, Abdul Hanan
    • Journal of Information Processing Systems
    • /
    • v.11 no.1
    • /
    • pp.104-115
    • /
    • 2015
  • Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

An Empirical Study on the Model of Controls Evaluations for LAN

  • 노규성
    • Proceedings of the Korea Society for Industrial Systems Conference
    • /
    • 1998.10a
    • /
    • pp.385-391
    • /
    • 1998
  • As the increase in the use of computers and rapid development of information technology exacerbate auditors' judgmental process, achieving objectives(effectiveness) of control and auditing with limited resources requires auditors to identify relative importance and priority of controls. Consequently, auditors' review and evaluation of internal control is been highlighted in modrn auditing process. Especially, as more organizations adopted LAN(Local Area Network) systems. LAN environment is facing with problems arising from characteristics of theLAN and the evaluation of LAN controls. The modern in this study is LAN control evaluation model with information system auditing objectives. This study concludes that auditors' proper evalution of the importance of LAN controls contributes to the effective achievement of IS auditing objectives.