• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.399-406
• /
• 2003

최근의 정보시스템의 개발환경은 급변하고 있으며, 웹 관련 기술의 급속한 발전으로 인한 웹 어플리케이션의 효율적인 개발방법이 필요하게 되었다. 현재 활용되고 있는 정보시스템 감리의 점검 항목은 기존의 구조적방법론과 정보공학방법론에 입각한 것으로 최근의 정보시스템 개발환경의 감리현장에서 활용하기에는 많은 어려움이 따르고 있다. 본 연구에서는 이러한 웹 기반 정보시스템 감리의 문제점을 해결하기 위한 웹 기반 정보시스템의 감리점검항목을 도출하고, 이들 감리점검 항목이 감리의 본래 목적을 충족시키는 지에 대해 실제 웹 기반 정보시스템을 감리해본 경험이 있는 감리인을 중심으로 점검항목의 타당성 및 측정가능성 그리고 중요성 등을 종합적으로 조사하여, 이들 감리 점검항목을 판단하였다. 연구결과 웹 기반의 정보시스템이 효율성, 신뢰성, 안전성 등의 목표를 가지고 구축하기 위해서는 현재의 감리점검항목으로는 부족하며, 웹 기반환경에서는 본 연구에서 제시된 웹 기반 감리점검항목의 추가가 타당하다는 결론이 도출되었다.

• Journal of Service Research and Studies
• /
• v.9 no.2
• /
• pp.31-40
• /
• 2019

In this paper, we have studied the improvement of operational control for the enhancement of business continuity of information system becoming more important with the development of information technology such as big data, Iot, and artificial intelligence. The operational management and audit guidance of the current information system, which is coming in the fourth industrial age, where various services, data and industries are converged, is based on the existing general information system pattern and needs to be improved. The provision of services at fixed times is linked to the survival of enterprises and countries and serves as a key element. Therefore, it is necessary to study the application of optimized check items of the operation audits to minimize the service interruption damage of the information system and to provide the stable service in terms of business continuity management. To accomplish this, the check items presented in the operational control of the information system were derived by combining the PDCA step contents and 8 resource requirements provided in ISO 22301. From the point of view of increasing the business continuity according to the derivation criteria of the inspection items, the operational inspection check items were derived by exemplifying the improved check items and review items of the information system operation audit and the products to be checked during the operational audit. The check items were divided into management audit improvement check items for service continuity management, and operational audit improvement check items for performance and availability management. The average score of the IT professionals' survey on the suitability of the proposed checklist was 4.63, which was concluded to be appropriate.

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.123-136
• /
• 2012

Web applications are widely used by the development of the Internet, but there are no separate audit model for a web-based information systems. Information business has a wide variety of characteristics. So, web-based information system audit model is needed. Therefore, a web-based information system audit model was proposed to enhance the effectiveness of audit and to increase the quality. Audit check lists were applied based on three sets of existing information audit check framework. An audit point of time was defined as analysis, design, and implementation. An audit domain was defined as contents, design, and process. Moreover, audit viewpoint and inspection standards were defined by setting standards of process, product, and performance. Moreover, this paper proposes differences between an existing model of information system development methodology and web-based information system. It also deduced audit checklists according to audit domains for web-based information system audit. The deduced audit checklists were verified for its suitability by conducting surveys, and the modified audit inspection model, in which the deduced audit checklists were applied, was proposed.

• 한국IT서비스학회:학술대회논문집
• /
• 2008.11a
• /
• pp.415-418
• /
• 2008

지리정보시스템(GIS)의 구축은 활용범위를 점차 확대하여 지속적으로 추진되고 있으며, 이러한 시점에 효율적인 정보시스템 구축을 위하여 정보시스템 감리 의무화가 법제화 되었다. 그러나 일반 정보시스템 구축과는 그 특성을 달리하는 GIS 구축에 있어 동일한 감리기준으로 시행하게 됨에 따라 GIS 감리 효율성을 확보 하는데 어려움이 있었다. 본 논문에서는 효율적인 GIS 감리를 위하여 기본적으로 GIS 특성연구와 감리 의무화 법제화 이전 GIS 감리기준과 개발방법론 등의 연구를 통하여 GIS 감리 점검항목을 연구 도출 하여 제안하였다. 또한 제안한 점검항목에 대하여 실제 GIS 감리 사례와 비교를 통해 실효성 검증을 시도하였다.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.229-239
• /
• 2014

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

• 한국IT서비스학회:학술대회논문집
• /
• 2008.11a
• /
• pp.419-422
• /
• 2008

유비쿼터스 시대의 핵심 기반기술인 RFID와 관련하여 공공기관을 중심으로 시범 사업 및 본 사업이 활발하게 추진되고 있다. 또한 RFID 기반 정보시스템에 대한 감리 수요도 계속 증가하고 있으며, 특히 개인정보보호에 대한 관심이 확산되면서 보안감리의 비중도 높아지고 있다. 이와 관련하여 RFID 기반 정보시스템의 사업특성을 적절히 반영한 보안감리 점검항목이 요구되고 있다. 따라서 본 논문에서는 현행 RFID 기반 정보시스템에 대한 감리를 보다 체계적이고 효율적으로 수행하는데 활용될 수 있는 RFID 사업특성기반의 보안감리 점검항목을 제안한다.

• 한국IT서비스학회:학술대회논문집
• /
• 2010.05a
• /
• pp.452-457
• /
• 2010

정보시스템 운영은 연속성, 장애에 대한 민감성 등 정보시스템 구축과는 다른 특성을 많이 가지고 있어 감리방법에 있어서도 새로운 방법이 필요하다. 본 논문은 정량화된 운영점검표를 제시함으로써, 운영감리의 객관성과 신뢰성을 확보하고, 감리결과를 정량화하며, 타 운영사례나 과거 운영 상태와의 비교를 가능케 하여, 감리의 품질과 운영감리의 효용성 향상에 기여하고자 하였다. 시스템 운영 정보시스템 감리지침의 기본점검항목을 기준으로 13가지 기본점검항목을 도출하였고, 각 기본점검항목 별로 현재 운영상태가 어떤 수준인지를 평가할 수 있도록 하였으며, 전문가 인터뷰와 현장적용을 통하여 검증하였다.

• Journal of Service Research and Studies
• /
• v.11 no.1
• /
• pp.45-58
• /
• 2021

Requirements engineering can be seen as proceeding with various processes and activities such as extraction, analysis, specification, management, and verification without temporal and spatial constraints in the development environment of information systems that are becoming large and decentralized. Developing requirements well and conducting continuous evaluation and management is the shortcut to success in project management, and it is recognized as a very important matter in relation to requirements in the information system audit. When we conduct information system audit and conducting projects subject to audit, we need to improve the required engineering aspect. Therefore, this study derives inspection items suitable for the target project by referring to the audit inspection manual and audit inspection guide when conducting the current audit, and relates to the required engineering aspect among the contents of the inspection guide for each business type that is the basis for deriving the inspection items were derived for each audit point/audit area for the project management and quality assurance project type corresponding to the inspection items. The suitability of the extracted occupation items was verified through a questionnaire survey by experts.

• Journal of Software Engineering Society
• /
• v.29 no.2
• /
• pp.7-12
• /
• 2020

A project to establish an information system with a project cost of more than 500 million won at a local public firm is subject to the Information System Audit (hereinafter referred to as IS Audit), and the IS Auditor shall conduct audit according to the audit criteria. Recently, as blockchain technology has been applied to various fields such as manufacturing, healthcare, distribution, and public sectors beyond the financial industry, the development of systems that apply blockchain technology is increasing. The use of Hyperledger Fabric, a private blockchain, is on the rise to utilize blockchain technology in public firms and private firms. However, the newly emerging blockchain-based system is not sufficient to carry out auditing with existing audit check items, so it has no choice but to make and use audit items individually. Therefore, a need for verified audit items for systems that base on blockchain technology has emerged. In this study, we customized the Delphi process to derive audit items suitable for the system development project using the blockchain technology, and verified the completeness and accuracy of the audit items derived through a survey by the IS Auditor. This research will be of direct help to the IS Auditor, and it is expected that operators and organizers who provide services through the blockchain-based system will also contribute to improving the quality of the system.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.185-196
• /
• 2012

Information system operation principles were recently established in order to provide high quality service and efficient operation audit of IT outsourcing. Operation managements are done based on these principles. Therefore, information operating management process, which refers to itself, is established. Information system operation audit requires a constant audit regularly, which is different from construction/development audit that is done only once. As operating management process changes, operation audit guidelines should be updated and improved. Therefore, this paper proposes IT outsourcing operation audit model with IT outsourcing achievement management as a focus. IT service domain was referred in order to propose information system operation audit model and check lists, which are based on IT outsourcing operation managements such as planning, making strategies, contract, service, and management. The deduced audit model and check lists verified suitability of the proposed model by experts' survey.