• Journal of Information Technology Services
• /
• v.8 no.4
• /
• pp.87-101
• /
• 2009

The current information system audit merely inspects a web based information system by focusing on checking items that are extracted from structured and information engineering model and object-oriented component model. As a result, the checking item of web contents and design is inadequate. This paper aims to extract audit framework in order to strengthen the audit of web contents and design during the development of the web based information system and to suggest checking items based on audit framework. For this, the web development process and web site evaluation model were studied, compared, and analyzed with the current information system development audit. From a result of the survey, it was found that the adequacy of the suggested audit framework and audit checking items is above the average value. It is believed that the suggested audit framework is helpful for the audit of web based information system.

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.123-136
• /
• 2012

Web applications are widely used by the development of the Internet, but there are no separate audit model for a web-based information systems. Information business has a wide variety of characteristics. So, web-based information system audit model is needed. Therefore, a web-based information system audit model was proposed to enhance the effectiveness of audit and to increase the quality. Audit check lists were applied based on three sets of existing information audit check framework. An audit point of time was defined as analysis, design, and implementation. An audit domain was defined as contents, design, and process. Moreover, audit viewpoint and inspection standards were defined by setting standards of process, product, and performance. Moreover, this paper proposes differences between an existing model of information system development methodology and web-based information system. It also deduced audit checklists according to audit domains for web-based information system audit. The deduced audit checklists were verified for its suitability by conducting surveys, and the modified audit inspection model, in which the deduced audit checklists were applied, was proposed.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.4
• /
• pp.107-118
• /
• 2010

The user interface is the medium, which provides the users to have an access to the web-based information system. The user interface is the means of improving usability and accessibility for the user, as well as being the core component in the web-based information system. In this paper, the audit framework of the user interface was developed to upgrade the usability and accessibility; it was based on the three basic components of the current audit framework in the web-based information system. At the time of an audit, the UI process of the 'Analysis', 'UI Design', 'UI Production', and 'Test' was defined, which was analyzed through the web development methodology. Also, for the area of an audit, the 'Information', 'Design', and 'Technology' were defined by the analysis of the components that makes up the user interface, From the view of an audit, the standard criteria of an assessment were set as 'Usability', 'Accessibility', and 'Cross Browsing'. Through the framework that was proposed in this paper, practical audit applies the performed examples. By this, the efficiency of the proposed framework was verified.

• Journal of Internet Computing and Services
• /
• v.11 no.6
• /
• pp.73-86
• /
• 2010

In proportion to the rapid increase in the number of Web users, web attack techniques are also getting more sophisticated. Therefore, we need not only to detect Web attack based on the log analysis but also to extract web attack events from audit information such as Web firewall, Web IDS and system logs for detecting abnormal Web behaviors. In this paper, web attack detection system was designed and implemented based on integrated web audit data for detecting diverse web attack by generating integrated log information generated from W3C form of IIS log and web firewall/IDS log. The proposed system analyzes multiple web sessions and determines its correlation between the sessions and web attack efficiently. Therefore, proposed system has advantages on extracting the latest web attack events efficiently by designing and implementing the multiple web session and log correlation analysis actively.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.

• Journal of Integrative Natural Science
• /
• v.14 no.4
• /
• pp.189-196
• /
• 2021

Recently, as a countermeasure for cyber breach attacks and confidential leak incidents on PC hard disk memory storage data of the metaverse industry, it is required when reviewing and developing a remote-based regular/real-time monitoring and analysis security system. The reason for this is that more than 90% of information security leaks occur on edge-end PCs, and tangible and intangible damage, such as an average of 1.20 billion won per metaverse industrial security secret leak (the most important facts and numerical statistics related to 2018 security, 10.2018. the same time as responding to the root of the occurrence of IT WORLD on the 16th, as it becomes the target of malicious code attacks that occur in areas such as the network system web due to interworking integration when building IT infrastructure, Deep-Access-based regular/real-time remote. The concept of memory analysis and audit system is key.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.149-162
• /
• 2014

Course guidance is a mentoring process which is performed before students register for coming classes. The course guidance plays a very important role to students in checking degree audits of students and mentoring classes which will be taken in coming semester. Also, it is intimately involved with a graduation assessment or a completion of ABEEK certification. Currently, course guidance is manually performed by some advisers at most of universities in Korea because they have no electronic systems for the course guidance. By the lack of the systems, the advisers should analyze each degree audit of students and curriculum information of their own departments. This process often causes the human error during the course guidance process due to the complexity of the process. The electronic system thus is essential to avoid the human error for the course guidance. If the relation data model-based system is applied to the mentoring process, then the problems in manual way can be solved. However, the relational data model-based systems have some limitations. Curriculums of a department and certification systems can be changed depending on a new policy of a university or surrounding environments. If the curriculums and the systems are changed, a scheme of the existing system should be changed in accordance with the variations. It is also not sufficient to provide semantic search due to the difficulty of extracting semantic relationships between subjects. In this paper, we model a course mentoring ontology based on the analysis of a curriculum of computer science department, a structure of degree audit, and ABEEK certification. Ontology-based course guidance system is also proposed to overcome the limitation of the existing methods and to provide the effectiveness of course mentoring process for both of advisors and students. In the proposed system, all data of the system consists of ontology instances. To create ontology instances, ontology population module is developed by using JENA framework which is for building semantic web and linked data applications. In the ontology population module, the mapping rules to connect parts of degree audit to certain parts of course mentoring ontology are designed. All ontology instances are generated based on degree audits of students who participate in course mentoring test. The generated instances are saved to JENA TDB as a triple repository after an inference process using JENA inference engine. A user interface for course guidance is implemented by using Java and JENA framework. Once a advisor or a student input student's information such as student name and student number at an information request form in user interface, the proposed system provides mentoring results based on a degree audit of current student and rules to check scores for each part of a curriculum such as special cultural subject, major subject, and MSC subject containing math and basic science. Recall and precision are used to evaluate the performance of the proposed system. The recall is used to check that the proposed system retrieves all relevant subjects. The precision is used to check whether the retrieved subjects are relevant to the mentoring results. An officer of computer science department attends the verification on the results derived from the proposed system. Experimental results using real data of the participating students show that the proposed course guidance system based on course mentoring ontology provides correct course mentoring results to students at all times. Advisors can also reduce their time cost to analyze a degree audit of corresponding student and to calculate each score for the each part. As a result, the proposed system based on ontology techniques solves the difficulty of mentoring methods in manual way and the proposed system derive correct mentoring results as human conduct.

• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.399-406
• /
• 2003

최근의 정보시스템의 개발환경은 급변하고 있으며, 웹 관련 기술의 급속한 발전으로 인한 웹 어플리케이션의 효율적인 개발방법이 필요하게 되었다. 현재 활용되고 있는 정보시스템 감리의 점검 항목은 기존의 구조적방법론과 정보공학방법론에 입각한 것으로 최근의 정보시스템 개발환경의 감리현장에서 활용하기에는 많은 어려움이 따르고 있다. 본 연구에서는 이러한 웹 기반 정보시스템 감리의 문제점을 해결하기 위한 웹 기반 정보시스템의 감리점검항목을 도출하고, 이들 감리점검 항목이 감리의 본래 목적을 충족시키는 지에 대해 실제 웹 기반 정보시스템을 감리해본 경험이 있는 감리인을 중심으로 점검항목의 타당성 및 측정가능성 그리고 중요성 등을 종합적으로 조사하여, 이들 감리 점검항목을 판단하였다. 연구결과 웹 기반의 정보시스템이 효율성, 신뢰성, 안전성 등의 목표를 가지고 구축하기 위해서는 현재의 감리점검항목으로는 부족하며, 웹 기반환경에서는 본 연구에서 제시된 웹 기반 감리점검항목의 추가가 타당하다는 결론이 도출되었다.