• 농촌계획
• /
• 제14권2호
• /
• pp.99-110
• /
• 2008

The purposes of this paper are first, to develop and adapt auditing methodology of rural amenity resource investigation and second, to propose strategic planning of amenity web data base system. Relating with auditing methodology, we make the life cycle of rural amenity resource investigation based on value chain method. we make 8 stage of auditing process and 105 auditing items in details. We adapt these guidelines in real world and then improve developed methodology. Therefore we expect to promote the quality and accuracy of investigation project using these guidelines. Relating with blue print of strategic planning, we first analyse external environment about Competitors, Suppliers, New entrants, Buyers, Substitutes with 5 force model for amenity information system. We second make the blue print of strategic planning of amenity web data base system project. Then we propose the FIRST, BEST, MOST strategy of amenity web data base system and the web hub system.

• 한국정보처리학회논문지
• /
• 제7권5호
• /
• pp.1409-1418
• /
• 2000

Auditing plays a very important role in the process of developing and managing good quality software. The software developing proces should be audited precisely especially in the test phase. Up to the present, because auditing has depended on the auditor's experience of developing and auditing software, it has been impossible to audit objectively. It is limited to audit systematically and objectively because auditing process isn't systematized. In this paper, the auditing model to solve several problems in present auditing is suggested, a test phase audit system is developed, and the system is applied to the actual auditing process. Consequently, software administrators can establish effective software management, software developers can be supported by a highly reliable and quality software development tool, and auditors can be offered an objective audit standard.

• Spatial Information Research
• /
• 제8권2호
• /
• pp.289-300
• /
• 2000

NGIS사업을 시작으로 GIS 구축사업이 급증하고 있으며, 도시정보화 차원에서 지자체를 중심으로 도시정보시스템(UIS)구축이 확산되고 있다. 인천시는 1999년부터 도시기반정보화사업을 수행하고 있으며, 일차년도 사업으로 하수도관리시스템을 구축하였다. 이러한 하수도관리시스템의 개발에 있어서 사업의 신뢰성과 안전성을 확보하고 시스템의 구축과 운영상의 위험요소 제거를 통하여 사업의 성공적 수행을 목표로 감리를 수행하였다. 기존의 GIS에 대한 감리는 아직 정보시스템 감리와 차별화 되지 못한 실정으로 대부분의 경우 정보시스템감리에 기반을 두고 있다. 따라서 본 연구는 인천시 하수도관리시스템 감리 결과를 토대로 정보시스템 감리와 차별화 되는 GIS 감리중점사항을 제시하였다. 이런한 제시는 향후 GIS관련 감리의 정착 및 제도화에 기여하리라 기대된다.

• 한국시스템다이내믹스연구
• /
• 제12권3호
• /
• pp.25-46
• /
• 2011

Recently, performance auditing system of governmen is carried out as most promising framework of government audit. Performance audit by the Board of Audit and Inspection of Korea involves assessing the causes and effects of government policies, programs, and Institutions with the criteria of economy, efficiency, effectiveness. Performance auditing will contribute to strengthening the values of objective assessments of whether public resources are responsibly and effectively managed to achieve intended results. Nevertheless, there seems to be a problems appears in implementation of audit. That is the problems of tendency return to legitimacy audit which is result from the lack of strong approach and methodology. So, this study purpose to developing stronger audit concepts and methods that add to the process and framework of traditional performance auditing system. First, this study evaluates the limitation of current performance auditing system with the perspective of systems thinking. Second, this study analyzes the process and method of current system and develop the conceptual model of the Dynamics Audit System using the system dynamics methodology, which focused on the appropriate auditing process and framework.

• KDI Journal of Economic Policy
• /
• 제31권1호
• /
• pp.207-237
• /
• 2009

본 논문은 전통적인 탈세이론 및 세무조사이론을 활용하여 우리나라 국민기초생활보장제도의 주요 정책수단인 생계급여하에서의 소득탈루(부정수급)와 정책당국 입장에서의 최적 소득조사전략에 대한 이론 분석을 시도하고, 이를 통해 소득파악 제고를 위한 정책적 시사점을 도출하는 것을 목적으로 한다. 생계급여의 누수는 최저생계비 부근의 소득자들을 중심으로 소득탈루가 집중됨으로써 발생하는데, 임의조사(random auditing), 차단조사(cut-off auditing), 차별조사 등의 소득조사전략별 비교분석을 통해, 일정 수준 이하의 신고소득에 대하여 신고소득 수준에 반비례하는 조사확률을 적용하는 차단식(cut-off) 차별조사전략을 적용하는 것이 소득파악률 제고 및 급여누수 최소화를 위해 가장 바람직함을 입증하였다.

• 한국멀티미디어학회논문지
• /
• 제20권4호
• /
• pp.660-670
• /
• 2017

In case of auditing of the information system development project applying agile methodology, it is not appropriate to carry out a comprehensive check on the establishment of information system with only the existing check on software. This study considers the characteristics of the agile methodology in terms of Information System Auditing. To improve inspection quality of development project with agile methodology by deriving detailed check items of test activities at each stage, this study proposes a strategy to improve the check on software for the test activities of the supervisory model that is suitable for agile methodology, which emphasizes repetitive work.

• 정보보호학회논문지
• /
• 제18권1호
• /
• pp.139-148
• /
• 2008

정보기술의 발전은 비즈니스 환경의 변화는 물론 대형 산업 시설의 자동화에 많은 변화를 가져왔다. 전력, 수자원, 에너지, 교통, 통신, 등은 국가의 안보와 국민 생활의 안정 그리고 국가 경제발전의 기반을 형성하는 국가의 주요 기반시설이며 이들 모두 산업제어 시스템에 의해 통제되고 있다. 또 비즈니스 환경의 변화는 조직의 모든 시스템을 통합하고 있어 경영정보시스템과 산업제어 시스템의 통합이 이루어지고 있다. 이에 따라 산업제어 시스템의 표준화와 개방형 시스템으로 전환이 이루어지고 있어 더욱 보안의 중요성이 커지고 있다. 제어시스템 보안에 대한 연구가 기술, 관리, 환경 등 다양한 분야에서 추진되고 있다. 그럼에도 제어시스템 감사에 대한 연구는 아직 미약하다. 정부는 최근 정부 및 주요 공공 시스템에 대한 정보시스템 감리를 의무화하여 안정성, 효율성, 효과성을 평가하고 있다. 또 주요정보통신기반시설에 대해서는 취약점 분석을 하고 그 개선 작업을 하도록 의무화하고 있다. 그럼에도 제어시스템에 대한 감리를 하지 않고 있고 제어시스템에 대한 보안 아키텍처나 감리 프레임워크도 준비되어 있지 않다. 본 연구는 제어시스템 감리를 위한 정보보안 아키텍처와 정보보안 감리 프레임워크를 제시하여 감리의 기반을 마련하였다.

• Journal of Information Technology Applications and Management
• /
• 제11권2호
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• Journal of Information Processing Systems
• /
• 제11권1호
• /
• pp.104-115
• /
• 2015

Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권10호
• /
• pp.5039-5061
• /
• 2017

Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.