• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.951-959
• /
• 2014

In the past few years, data leakage of information assets has become a prominent issue. According to the National Intelligence Service in South Korea, they found 375 cases of data leakage from 2003 to 2013, especially 49 of cases have been uncovered in 2013 alone. These criminals are increasing as time passes. Thus, it constitutes a reason for establishment and operation of ISMS (Information Security Management System) even for private enterprises. But to be ISMS certified, there are many exposed or unexposed barriers, moreover, sufficient amount of studies has not been conducted on the barriers of ISMS Certification. In this study, we analyse empirically through exploratory factor analysis (EFA) to find the obstacle factors of ISMS Certification. The result shows that there are six obstacle factors in ISMS Certification; Auditing difficulty and period, Consulting firm related, Certification precedence case and consulting qualification, Internal factor, CA reliability and auditing cost, Certification benefit.

• Journal of Environmental Impact Assessment
• /
• v.9 no.4
• /
• pp.315-322
• /
• 2000

Environmental Impact Assessment(EIA) was first formally established in the Korea in 1981. Subsequently there has been a rapid growth in EIA activity, and over one hundred fifty environmental impact statements are now published in Korea each year. Although EIA now has almost 20 years of history in the Korea, elsewhere the development of roles and practice is more recent. Development is moving apace in many countries, including the Japan and the EU Member States. Such progress has not been without its problems, and a number of the current issues in EIA-scope of the assessment, the relative roles, the quality of assessment and monitoring and auditing after decision, and so on- are highlighted. So the purpose of this article is to reform the EIA roles and process, in extending the scope of activity, and assessing effectiveness. This article suggested improving the effectiveness of project assessment, widening the scope: stretegic environmental assessment, and extending EIA to project design process, environmental monitoring and feedback system.

• Proceedings of the SAREK Conference
• /
• 2008.11a
• /
• pp.505-510
• /
• 2008

Improving energy efficiency is the important thing of energy saving strategies that was shown up result of IEA meeting and the G8 Summit. Energy audit was started in 2006 that Korea government policy for improving energy efficiency. Who used over 2,000toe/yr(tons of oil equivalent per year) energy consumption has to perform energy audit program of obligation every five years with auditing company. HANMI C&E as a company authorized by Government has diagnosed various type building. This case studies are chosen to best practices by KEMCO. This studies present efficient recommendation methods for improving system performance.

• Korea Trade Review
• /
• v.45 no.5
• /
• pp.223-238
• /
• 2020

In the environment of protectionism and bilateral trade agreements, Korea has promoted the conclusion of FTAs for its export-oriented trading policy, and 16 FTAs have entered into force at present. The main goal of this paper is to introduce the ISI system and its benefits and to extend the preferential rule of origin regime by using the Integrated Sourcing Initiative in the U.S. Code of Federal Regulations. The ISI illustrates with impressive clarity the fact that it considered as a tool of expanding the geographic limit of states and maximizing the global sourcing strategy of multinational corporations, allowing the developing countries to gain access to the market of developed ones that avoid the complexity and costs of many rules of origin regimes. This paper utilizes the literature research and analyzes a case study of FTAs which have adopted the ISI system. In conclusion, it presents several implications of additional measures to satisfy rules of origin in Korea's existing FTAs relating to the global supply chain strategy.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• International Journal of Advanced Culture Technology
• /
• v.9 no.1
• /
• pp.210-217
• /
• 2021

In the case of an agile-based project, it was inadequate to perform a comprehensive inspection and evaluation on the establishment and operation of an information system by performing audit only with the audit and inspection elements provided by the existing information system audit and inspection system. In particular, in the case of the test activity area, it was necessary to improve the test activity audit check items to comprehensively check the agile-based development process by applying the existing audit system. To this end, a test activity improvement check model of the agile methodology audit model was presented by applying the repetition concept, a characteristic of the agile methodology. In order to empirically verify the model of this study, a survey was conducted for auditors and designers/developers who have experience in performing agile-based projects and auditing information systems. As a result of the questionnaire on the integrated test and system test in the test stage, more than 70% of the respondents were found to be suitable. More than 80% of the respondents judged that it was appropriate as a result of the questionnaire on "improvement and regression test progress according to integrated test and system test results" and "integrated test and functional actions of components and subsystems".

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.303-306
• /
• 2011

System solutions for access control to the user's personal when you want to authenticate to the system is used. The valid user is really just a part of authorized users, the suitability of a valid user has been authenticated are not sure whether the problem is the fact. For example, one developer in the Unix operating system can be valid, but do not have permission to access the system should be limited for. In this paper, a single account for multiple users to use the system operational issues to improve the fine-grained delegation of authority, the session audit, the administrator account's policy-based management, with full rights the administrator account of distribution management and auditing the system overall is the study of access control measures.

• Journal of Service Research and Studies
• /
• v.7 no.3
• /
• pp.21-36
• /
• 2017

Recently in information business, managing and auditing are getting more difficult because of enlargement, intellectualization and convergence. In addition, ordering organizations have been having a difficult time choosing a service because not only there is a huge overlap between information audit system and PMO but also the work boundaries of those two are not clear enough. As the demand that a business managing and auditing frame work need to be more developed in terms of independence, quality, economic feasibility and responsibility has been increased, the Korea Association Of Information Systems Audit has been attempting to improve business management and audit system by proposing Unified Project Management Framework whose process is approximately constructed. This study introduces Unified Project Management Framework which is all-encompassing from the ordering at the very beginning of business to the operating in the post-processing step and then verifies its work scope through a comparative analysis with existing management systems. Also, this thesis examines the necessity of unification of audit system and PMO by analysing existing similar systems. At the end, this study, analyses the suitability of Unified Project Management Framework by evaluating it with IT goal frame of COBIT5 which is constructed based on BSC performance management index. The result of the analysis is expected to help people in charge understanding the features of Unified Project Management Framework before they apply it to practical business.

• Proceedings of the KSR Conference
• /
• 2007.11a
• /
• pp.719-728
• /
• 2007

Recently the assurance of railroad safety is very important issue in KOREA because there are lots of changes in the railroad industries. The Railway Safety Act was established in order to cope with these changes effectively and prevent the railroad transportation accidents. According to this law, Korea Transportation Safety Authority (KOTSA) has been entrusted with 'Integrated Railroad Safety Audit (IRSA)' and has implemented the safety audit to the railroad operation agencies such as Korea Railroad (KORAIL) and the railroad facility management organization such as the Korea Rail Network Authority (KR Network). The target of IRSA is to establish the effective rail safety management system and to raise the safety level of the railroad operation and facility agencies by checking synthetically their performance of safety duties with sincerity according to the Railway Safety Act. The purpose of this paper is to improve the efficiency of IRSA by the comparative research between IRSA and other similar safety audit system. To study the efficiency of IRSA, we investigated the rail safety audit systems of EU system specially France, England where the big changes have happened for the rail operation concepts and Japan where government entity control the railroad safety. The international standards of Occupational Health & Safety Assessment Series (OHSAS 18001), Quality Management System (ISO 9001) and Guidelines for Quality and/or Environmental Management Systems Auditing (ISO 19011) are investigated.

• Proceedings of the CALSEC Conference
• /
• 2003.09a
• /
• pp.261-267
• /
• 2003

This study deals with controversial issues surrounding the today′s cyber-taxation and recommends feasible consumption tax system architecture titled Global Electronic Tax Invoice System (GETI). The GETI is an electronic consumption tax architecture to provide "all-in-one" tax and e-payment services through a trusted third party (TTP). GETI is designed to streamline the overall cyber-taxation process and provide simplified and transparent tax invoice services through an authorized np. To ensure information security, GETI incorporates public Key infrastructure (PKI) based digital certificates and other data encryption schemes when calculating, reporting, paying, and auditing tax in the electronic commerce environment. GETI is based on the OECD cyber-taxation agreement that was reached in January 2001, which established the taxation model for B2B and B2C electronic commerce transactions. For the value added tax systems, tax invoice is indispensable to commerce activities, since they provide documentations to prove the validity of commercial transactions. As paper-based tax invoice systems are gradually phased out and are replaced with electronic tax invoice systems, there is an increasing need to develop a reliable, efficient, transparent, and secured cyber-taxation architecture. To design such architecture, several desirable system attributes were considered -- reliability, efficiency, transparency, and security. GETI was developed with these system attributes in mind.