An Audit Model for Information Protection in Smartwork

  • Han, Ki-Joon (Dept. of Computer Science and Engineering, Konkuk University)
  • Kim, Dong-Soo (Graduate School of Information and Telecommunications, Konkuk University)
  • Kim, Hee-Wan (Division of Computer Engineering, Sahmyook University)
  • Received : 2013.11.22
  • Accepted : 2014.01.20
  • Published : 2014.01.28

Abstract

Smartwork technology, which uses teleworking, smartwork centers and mobile terminals, provides a flexible work environment without constraints of time and space. A smartwork system that increases work efficiency also carries information protection threats that come with its convenience. Thus, when building a smartwork environment, it is appropriate to conduct an information protection audit to help ensure information protection. In this paper, we propose an information protection audit model at the practical and technical level for building a smartwork environment. We classified information protection into terminal, network and server areas and derived specialized information protection check items. Further, by establishing the smartwork information protection audit timing and mapping it to ISMS control items, we propose an audit model that makes it possible to improve security and efficiency. We also verified the suitability of the proposed model by surveying auditors and IT specialists on whether the derived audit domains and check items correspond with the purpose of the smartwork information protection audit. As a result, the survey showed 97% satisfaction across the 13 check items.
