• Spatial Information Research
• /
• 제8권2호
• /
• pp.289-300
• /
• 2000

NGIS사업을 시작으로 GIS 구축사업이 급증하고 있으며, 도시정보화 차원에서 지자체를 중심으로 도시정보시스템(UIS)구축이 확산되고 있다. 인천시는 1999년부터 도시기반정보화사업을 수행하고 있으며, 일차년도 사업으로 하수도관리시스템을 구축하였다. 이러한 하수도관리시스템의 개발에 있어서 사업의 신뢰성과 안전성을 확보하고 시스템의 구축과 운영상의 위험요소 제거를 통하여 사업의 성공적 수행을 목표로 감리를 수행하였다. 기존의 GIS에 대한 감리는 아직 정보시스템 감리와 차별화 되지 못한 실정으로 대부분의 경우 정보시스템감리에 기반을 두고 있다. 따라서 본 연구는 인천시 하수도관리시스템 감리 결과를 토대로 정보시스템 감리와 차별화 되는 GIS 감리중점사항을 제시하였다. 이런한 제시는 향후 GIS관련 감리의 정착 및 제도화에 기여하리라 기대된다.

• 농촌계획
• /
• 제14권2호
• /
• pp.99-110
• /
• 2008

The purposes of this paper are first, to develop and adapt auditing methodology of rural amenity resource investigation and second, to propose strategic planning of amenity web data base system. Relating with auditing methodology, we make the life cycle of rural amenity resource investigation based on value chain method. we make 8 stage of auditing process and 105 auditing items in details. We adapt these guidelines in real world and then improve developed methodology. Therefore we expect to promote the quality and accuracy of investigation project using these guidelines. Relating with blue print of strategic planning, we first analyse external environment about Competitors, Suppliers, New entrants, Buyers, Substitutes with 5 force model for amenity information system. We second make the blue print of strategic planning of amenity web data base system project. Then we propose the FIRST, BEST, MOST strategy of amenity web data base system and the web hub system.

• 한국정보처리학회논문지
• /
• 제7권5호
• /
• pp.1409-1418
• /
• 2000

Auditing plays a very important role in the process of developing and managing good quality software. The software developing proces should be audited precisely especially in the test phase. Up to the present, because auditing has depended on the auditor's experience of developing and auditing software, it has been impossible to audit objectively. It is limited to audit systematically and objectively because auditing process isn't systematized. In this paper, the auditing model to solve several problems in present auditing is suggested, a test phase audit system is developed, and the system is applied to the actual auditing process. Consequently, software administrators can establish effective software management, software developers can be supported by a highly reliable and quality software development tool, and auditors can be offered an objective audit standard.

• 한국멀티미디어학회논문지
• /
• 제20권4호
• /
• pp.660-670
• /
• 2017

In case of auditing of the information system development project applying agile methodology, it is not appropriate to carry out a comprehensive check on the establishment of information system with only the existing check on software. This study considers the characteristics of the agile methodology in terms of Information System Auditing. To improve inspection quality of development project with agile methodology by deriving detailed check items of test activities at each stage, this study proposes a strategy to improve the check on software for the test activities of the supervisory model that is suitable for agile methodology, which emphasizes repetitive work.

• Journal of Information Technology Applications and Management
• /
• 제11권2호
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• 정보보호학회논문지
• /
• 제18권1호
• /
• pp.139-148
• /
• 2008

정보기술의 발전은 비즈니스 환경의 변화는 물론 대형 산업 시설의 자동화에 많은 변화를 가져왔다. 전력, 수자원, 에너지, 교통, 통신, 등은 국가의 안보와 국민 생활의 안정 그리고 국가 경제발전의 기반을 형성하는 국가의 주요 기반시설이며 이들 모두 산업제어 시스템에 의해 통제되고 있다. 또 비즈니스 환경의 변화는 조직의 모든 시스템을 통합하고 있어 경영정보시스템과 산업제어 시스템의 통합이 이루어지고 있다. 이에 따라 산업제어 시스템의 표준화와 개방형 시스템으로 전환이 이루어지고 있어 더욱 보안의 중요성이 커지고 있다. 제어시스템 보안에 대한 연구가 기술, 관리, 환경 등 다양한 분야에서 추진되고 있다. 그럼에도 제어시스템 감사에 대한 연구는 아직 미약하다. 정부는 최근 정부 및 주요 공공 시스템에 대한 정보시스템 감리를 의무화하여 안정성, 효율성, 효과성을 평가하고 있다. 또 주요정보통신기반시설에 대해서는 취약점 분석을 하고 그 개선 작업을 하도록 의무화하고 있다. 그럼에도 제어시스템에 대한 감리를 하지 않고 있고 제어시스템에 대한 보안 아키텍처나 감리 프레임워크도 준비되어 있지 않다. 본 연구는 제어시스템 감리를 위한 정보보안 아키텍처와 정보보안 감리 프레임워크를 제시하여 감리의 기반을 마련하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권10호
• /
• pp.5039-5061
• /
• 2017

Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

• 경영과학
• /
• 제19권1호
• /
• pp.39-54
• /
• 2002

With increasing use of the computers and rapid progress of system technology, the Judgment Process of information system auditors is exacerbated and the auditing environment is becoming very complex. Therefore, with limited resources, to achieve the ultimate goals of control & auditing, it is absolutely necessary for the auditors to Identify the relative importance and priority order of controls Accordingly. the auditors'review and evaluation of the internal control are becoming the Important issues in our modern auditing Process. The objectives of this paper are to identify the crucial and important control factors that are necessary for the control system, end to analyze the relative importance of the internal controls.

• Journal of Information Processing Systems
• /
• 제11권1호
• /
• pp.104-115
• /
• 2015

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

• 한국산업정보학회:학술대회논문집
• /
• 한국산업정보학회 1998년도 공동추계학술대회 경제위기 극복을 위한 정보기술의 효율적 활용
• /
• pp.385-391
• /
• 1998

As the increase in the use of computers and rapid development of information technology exacerbate auditors' judgmental process, achieving objectives(effectiveness) of control and auditing with limited resources requires auditors to identify relative importance and priority of controls. Consequently, auditors' review and evaluation of internal control is been highlighted in modrn auditing process. Especially, as more organizations adopted LAN(Local Area Network) systems. LAN environment is facing with problems arising from characteristics of theLAN and the evaluation of LAN controls. The modern in this study is LAN control evaluation model with information system auditing objectives. This study concludes that auditors' proper evalution of the importance of LAN controls contributes to the effective achievement of IS auditing objectives.