• Journal of Digital Convergence
• /
• v.10 no.6
• /
• pp.71-82
• /
• 2012

The interest in SLA in accordance with the development of IT outsourcing has increased due to the rapid development of information systems. Moreover, an awareness and necessity for the Information System Operating Audit has increased while an effective IT service management operations for information systems is needed desperately. However, information system operations and maintenance instructions of the National Information Society Agency operates due to the current information system operation, but the experience and the interpretation of the auditor determine the decision in the field. This paper introduces an operating audit model for the efficient management. This model is derived from the Korea Information Society Agency's operating instructions of the Information Systems Audit and their inspection services. The audit checklists were derived from the areas of service planning, service delivery, service support, and service management. Consequently, the operating audit model was proposed, and the suitability of this model was verified by experts' opinions on the survey.

• Journal of Information Technology Applications and Management
• /
• v.25 no.3
• /
• pp.29-41
• /
• 2018

The purpose of constructing university information system is for improvement in diversification and throughput of information, streamlines business processes, rapid exchange of information, sharing of information, decision-making information, and securing educational facilities. Similar to business information technology system, university information system does not have a review system for sharing and overlapping investment of information. Due to the lack of project management for outsourcing and vulnerability of system suitability, system audit is absolutely needed for the university information system. This paper especially focuses on an operational phase in the audit of university information system. Additionally, we proposed operating model and checklists of the university information system based on Management Guidelines of ITIL V3 Operational and Information System. We derived the checklists of operation audit by each domain of service strategy, service design, service transition, service operation, and continual service improvement. As the result, this study appear to have more than average satisfaction the suitability results were.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.185-196
• /
• 2012

Information system operation principles were recently established in order to provide high quality service and efficient operation audit of IT outsourcing. Operation managements are done based on these principles. Therefore, information operating management process, which refers to itself, is established. Information system operation audit requires a constant audit regularly, which is different from construction/development audit that is done only once. As operating management process changes, operation audit guidelines should be updated and improved. Therefore, this paper proposes IT outsourcing operation audit model with IT outsourcing achievement management as a focus. IT service domain was referred in order to propose information system operation audit model and check lists, which are based on IT outsourcing operation managements such as planning, making strategies, contract, service, and management. The deduced audit model and check lists verified suitability of the proposed model by experts' survey.

• Proceedings of the IEEK Conference
• /
• 1998.10a
• /
• pp.269-272
• /
• 1998

The disks containing all the system software-OS(Operating System), application program, and DB(Data Base)-happen to be broken. This happens not only to general computer systems but also to electronic switching system. In the electronic switching system, this causes the essential data and software needed for operating the system to be damaged and is fatal to services, so that they should be recovered as soon as possible. Especially the data, having the information of subscriber, trunk, prefix, and system configuration should be receovered preferentially. To manage this situation, the system should let the operator know that the data are damaged and recover the damaged data. This paper shows a way of recovering this damaged data, the object data of audit, the structure of DBMS and the implementation of audit in the case of the domestic high capacity electronic switching system, TDX-10A.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.88-100
• /
• 2011

This thesis suggests fixed quantity model and detailed performance procedures of an information system audit. In addition, an identification of the check-items with high operating risk and factors that might lead to serious effects on the business are made. Then, this thesis proposes the information system audit model that can grant priorities. By using this model, the orderer can evaluate objectively with digitized mark. The model can improve the effectiveness, reliability, and objectivity of the audit by minimizing the discrepancies of different opinions about audit evaluation results between auditee and the orderer. The proposed model is adapted to an application system and audit projects of the database construction. As a result, the model has received an equal mark from the result of the general reviews, thus the propriety of the proposed model was verified.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.277-285
• /
• 2016

This paper aimed at contributing to the improvement of objectivity and reliability of operating audit, quantitative audit result, being able to comparing with best practice and past operating status, through providing quantitative operation check sheet. Quantitative operation check sheet is comprised of thirteen basic check sheet area. The auditors evaluate the current operation status level with basis of basic check sheet area. It is hoped that this thesis on a quantitative operation check sheet for the Improvement of the operation Audit will become the basis for the applicaton and effectiveness of an operation audit that not only the improvement of the quality of information system audit but also usability of operation audit.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.

• Journal of Digital Convergence
• /
• v.11 no.8
• /
• pp.95-108
• /
• 2013

Agile development methods regards an interaction among software developers, operating softwares, and cooperation with customers as its main value. Most of the developing processes undergo a procedure called tailoring to meet the relevant project. Yet, in reality, projects run in disorder due to their overlap with other methods and management processes. As a result, the advantages of agile process cannot be fully used. So, the information system audit has an important role to detect these problems and improve the qualities of agile application projects. Also, researches should be conducted on Agile-based Iformation System Audit Model in order to enhance the effectiveness of agile projects. This paper suggests a model for an information system audit that applied agile developing methods. This model proposes audit domains and check lists for agile-based information system. In order to verify the suitability of the suggested model, more than 89.3% of the checklists were verified as suitable in all domains.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.1
• /
• pp.79-86
• /
• 2004

In general, operating system is offering the security function of OS level to support several web services. However, it is true that security side of OS level is weak from many parts. Specially, it is needed to audit/trace function in security kernel level to satisfy security more than B2 level that define in TCSEC(Trusted Computer System Evaluation Criteria). So we need to create audit data at system call invocation for this, and do to create audit data of equal format about almost event and supply information to do traceback late. This Paper Proposes audit/trace system module that use LKM(Loadable Kernel Module) technique. It is applicable without alteration about existing linux kernel to ensure safe evidence. It offers interface that can utilize external audit data such as intrusion detection system, and also offers safe role based system that is divided system administrator and security administrator These data will going to utilize to computer forensics' data that legal confrontation is Possible.