• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.229-239
• /
• 2014

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

• The Journal of the Korea Contents Association
• /
• v.11 no.3
• /
• pp.84-99
• /
• 2011

As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• 한국IT서비스학회:학술대회논문집
• /
• 2008.11a
• /
• pp.419-422
• /
• 2008

유비쿼터스 시대의 핵심 기반기술인 RFID와 관련하여 공공기관을 중심으로 시범 사업 및 본 사업이 활발하게 추진되고 있다. 또한 RFID 기반 정보시스템에 대한 감리 수요도 계속 증가하고 있으며, 특히 개인정보보호에 대한 관심이 확산되면서 보안감리의 비중도 높아지고 있다. 이와 관련하여 RFID 기반 정보시스템의 사업특성을 적절히 반영한 보안감리 점검항목이 요구되고 있다. 따라서 본 논문에서는 현행 RFID 기반 정보시스템에 대한 감리를 보다 체계적이고 효율적으로 수행하는데 활용될 수 있는 RFID 사업특성기반의 보안감리 점검항목을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.139-148
• /
• 2008

Information technology have led to change the automation of large industrial control system as well as business system and environments. Industrial control system(ICS) is vital components of most nation's critical infrastructures such as electricity, natural gas, water, waste treatment, transportation and communication that are based of national security, safety of citizen and development of national economy According to the change of business environment, organizational management pushed integration all of the system include MIS and ICS. This situation led to use standard information technologies for ICS, this transition has been to expose ICS to the same vulnerabilities and threats that plague business system. Recently government obliged owners of the public information system to audit for safety, efficiency and effectiveness, and also obliged the owners of national infrastructure to improve their system security as a result of vulnerability analysis. But there doesn't prepare a security architecture and information security auditing framework of ICS fur auditing. In this paper, I suggested the security architecture and information security auditing framework for ICS in order to prepare the base of industrial system security auditing.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.3
• /
• pp.428-434
• /
• 2020

Recently, due to the development of ICT technology, changes to the convergence service platform of information systems are accelerating. Convergence services expanded to cyber systems with 5G communication, IoT, AI, and cloud are being reflected in the real world. However, the field of cybersecurity audit for responding to cyber attacks and security threats and strengthening security technology is insufficient. In this paper, we analyze the international standard analysis of information security management system, security audit analysis and security of related systems according to the expansion of 5G communication, IoT, AI, Cloud based information system security. In addition, we design and study cybersecurity audit checklists and contents for expanding security according to cyber attack and security threat of information system. This study will be used as the basic data for audit methods and audit contents for coping with cyber attacks and security threats by expanding convergence services of 5G, IoT, AI, and Cloud based systems.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 1999.03a
• /
• pp.435-444
• /
• 1999

현재까지 연구되고 있던 정보보호관련분야의 계량화방법을 좀 더 다른 방법으로 접근하여, 정보시스템 환경 하에서 보안 및 관리 운영 평가 지수에 계량화하여 1차 집단과 2차 집단간의 차이를 연구하였다. 정보화 관련항목에 대하여 빈도 분석을 적용함으로서 군별, 항목별 분류를 통한 항목 비례 가중치법을 산출하였다. 또한, 선지정 가중치법을 이용하여, 보호지수와 관리운용지수에 따른 상관관계를 조사하여 안전관리 지수를 계량화 하였다.

• Proceedings of the Korea Database Society Conference
• /
• 1999.06a
• /
• pp.435-444
• /
• 1999

현재까지 연구되고 있던 정보보호관련분야의 계량화방법을 좀 더 다른 방법으로 접근하여, 정보시스템 환경 하에서 보안 및 관리 운영 평가 지수에 계량화하여 1차 집단과 2차 집단간의 차이를 연구하였다. 정보화 관련항목에 대하여 빈도 분석을 적용함으로서 군별, 항목별 분류를 통한 항목 비례 가중치법을 산출하였다. 또한, 선지정 가중치법을 이용하여, 보호지수와 관리운용지수에 따른 상관관계를 조사하여 안전관리 지수를 계량화하였다.

• Journal of the Korea Institute of Building Construction
• /
• v.18 no.4
• /
• pp.355-361
• /
• 2018

Many defects are occurring in apartments, the main residential area in Korea. This is due to a lack of construction skills and a lack of management. As many apartments are provided to buyers, the dispute over defects after completion is increasing rapidly. The Housing Act was amended so that local governments could order contractors to repair defects. However, even if defects are resolved after a defect is generated, it is not a fundamental solution that can be satisfied because buyers have to endure the pain caused by the defect. So, it is necessary to protect the interests of buyers by fundamentally reducing defects in apartments. Therefore, in this study, it was suggested that the asymmetry of the information about the apartment buyers should be resolved at the time of sale of the apartment, the final drawings should be a contract document, the review period of the apartment house supervision should be secured, the appropriate supervisory fee should be secured at the time of contract change and the payment procedure should be improved.