• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.12
• /
• pp.339-348
• /
• 2014

This study searches an improvement scheme of auditing on international financial environment since enforcing IFRS in order to secure transparency and reliability in corporate accounting and credibility in external audit from 2011 K-IFRS. As improvement schemes for the issue of the audit on K-GAAP are: First, the guarantee of the auditor's qualities of duties and talents about the lack of accountability and awareness and independence of auditor are needed. Secondly, the free acceptance or certified public accountant is adopted. Third, the non-Executive Director shall be granted. Fourth, the external auditor CPA and Auditor's remuneration should be increased. Fifth, the auditor's shares shall be limited. Sixth, the external audit to supervise and the ratio of supervision should increase. Finally, the foreign corporation for the time being limited to increase our competitiveness.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.302-322
• /
• 2021

In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.8
• /
• pp.1818-1824
• /
• 2015

Cloud computing draws attention as an application to provide dynamically scalable infrastructure for application, data and file storage. An untrusted remote server can cause a variety of problems in the field of data protection. It may process intentionally or involuntarily user's data operations(modify, insert, delete) without user's permission. It may provide false information in order to hide his mistakes in the auditing process. Therefore, it is necessary to audit the integrity of data stored in the cloud server. In this paper, we propose a new data auditing system that can verify whether servers had a malicious behavior or not. Performance and security analysis have proven that our scheme is suitable for cloud computing environments in terms of performance and security aspects.

• Proceedings of the Korea Database Society Conference
• /
• 1999.06a
• /
• pp.457-465
• /
• 1999

최근 정보화 사업을 추진중인 공공기관의 정보시스템 공익 프로젝트와 관련, 프로젝트 관리 분야에 국한하여 기존의 감리 기준에 의한 감리 현황을 조사하고 유형을 분석, 감리인과 피 감리인이 향후 감리 업무를 수행함에 있어 고려되어야 할 프로젝트 관리 감리 영역과 세부 감리 점검대상에 대해 개선방안을 제시한다.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 1999.03a
• /
• pp.457-465
• /
• 1999

최근 정보화 사업을 추진중인 공공기관의 정보시스템 공익 프로젝트와 관련, 프로젝트 관리 분야에 국한하여 기존의 감리 기준에 의한 감리 현황을 조사하고 유형을 분석, 감리인과 피 감리인이 향후 감리 업무를 수행함에 있어 고려되어야 할 프로젝트 관리 감리 영역과 세부 감리 점검대상에 대해 개선방안을 제시한다.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.1
• /
• pp.44-50
• /
• 2003

When Mobile terminal user want to contact inner-network information sever, wireless information security need for Protect hacking. For the security, Mobile terminal user could have contact to wireless network through the gateway of Wireless Firewall. In this paper, I present a design scheme of Wireless Firewall that included major function of Packet Filtering, NAT, Authentication, and auditing reports services. I would implement to Wireless Firewall that included major function of Packet Filtering, NAT, Authentication, Integrity, and auditing reports services. I would conclude that the suggest will be useful for research and development on Korean Wireless Firewall System.

• Journal of KIISE
• /
• v.42 no.1
• /
• pp.97-106
• /
• 2015

Recently, research on database encryption for data protection and query result authentication methods has been performed more actively in the database outsourcing environment. Existing database encryption schemes are vulnerable to order matching and counting attack of intruders who have background knowledge of the original database domain. Existing query result integrity auditing methods suffer from the transmission overhead of verification object. To resolve these problems, we propose a group-order preserving encryption index and a query result authentication method based on the encryption index. Our group-order preserving encryption index groups the original data for data encryption and support query processing without data decryption. We generate group ids by using the Hilbert-curve so that we can protect the group information while processing a query. Finally, our periodic function based data grouping and query result authentication scheme can reduce the data size of the query result verification. Through performance evaluation, we show that our method achieves better performance than an existing bucket-based verification scheme, it is 1.6 times faster in terms of query processing time and produces verification data that is 20 times smaller.

• Journal of Information Technology Services
• /
• v.5 no.3
• /
• pp.121-135
• /
• 2006

With the growth and maturation of IT industry, the necessity of audit about development, maintenance and management of high-quality information system is gradually increasing. In addition, the necessity of inner auditing system, which could totally verify and evaluate the effectiveness of project according to the characteristics of organization conducting information-oriented business, also being proposed. Government offices including Korea Institute of Science and Technology(KISTI) collectively controlling nationwide science-technology related information have no guiding principle or organization within themselves even though performing information-oriented businesses are becoming more bigger and complicated. In this paper, we propose scheme for devising framework, which can audit construction and operation of knowledge information, check list and guideline. In addition, we present concrete ways for adapting these schemes to institutes which manage science-technology knowledge information. Audit framework consists of points of time in audit, audit domain and audit criterion. Points of time in audit are defined as three phases as followings: pre-audit, in-progress audit and post-audit. Audit domain includes 16 detail audit domains and especially we set 11 check items and 40 detail investigation items for database implementation business. We expect that management level of science-technology implementation business of organizations using this research result will increase and they could offer high-quality information service.