• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.88-100
• /
• 2011

This thesis suggests fixed quantity model and detailed performance procedures of an information system audit. In addition, an identification of the check-items with high operating risk and factors that might lead to serious effects on the business are made. Then, this thesis proposes the information system audit model that can grant priorities. By using this model, the orderer can evaluate objectively with digitized mark. The model can improve the effectiveness, reliability, and objectivity of the audit by minimizing the discrepancies of different opinions about audit evaluation results between auditee and the orderer. The proposed model is adapted to an application system and audit projects of the database construction. As a result, the model has received an equal mark from the result of the general reviews, thus the propriety of the proposed model was verified.

• Journal of KIISE:Software and Applications
• /
• v.35 no.2
• /
• pp.105-117
• /
• 2008

Generally, project audit provides the service which accomplishes a project successfully by checking the management activity of information system project, indicating a controversial point and reflecting the improvement issues based on project audit check list. In addition, the projects are managed by using the project management maturity model based on process. However, the effect is not big as we except projects performance of real world. In this paper. to solve these problems, the project management maturity evaluation model which is connected with project audit check list and organizational maturity model survey items is designed. Thus, we propose the model which can improve the project performance through the project evaluation of customer's project and development part and the evaluation of organization level as we design that it is possible to not only audit the project but also evaluate it before and after the project.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.251-266
• /
• 2012

Location Information is an information about a place where an individual exists or had existed. As smart phones are popularized, location information becomes more than simple information about the place. As a result, services using an individual's location information became the trend. However, problems arising from discharging Private Information can damage an individual, because it causes financial and economic loss but also detects individual's location and route directly. In realities, the guide that regulates Location Based Service for administering Private Location Information is insufficient. Therefore, this paper proposes check items, which contain standards of judicial action, financial loss ratings, importance of Private Location Information, and criticality of check lists, during the Private Location Information audit at the level of analysis, design, and management of the Information System, in order to prevent the infringement and disclosure of the Private Location Information. Moreover, the proposed check items were verified for its suitability by the professionals' survey.

• Journal of Digital Convergence
• /
• v.13 no.7
• /
• pp.183-196
• /
• 2015

In order to perform a successful outsourcing, we needs the SLA through improving the quality of IT services. In particular SLA metrics and evaluation criteria is an important factor as to substitute the IT viability of the company to promote IT Outsourcing. SLA metrics consist of technical, managerial, user perspective items, and has been managed to aim to provide reliable and continuous quality improvement of IT services. This study focuses on the HW availability metrics of SLA indicators of IT outsourcing. We propose the Infra availability criteria for the HW configuration level to meet the SLA contract and evaluation. We offer the Infra configuration standards of SLA contract, and propose criteria to determine the suitability of the target levels in IT operations audit environment. The proposed model was verified the necessity and effectiveness of the Infra configuration standards and operation audit check items through the surveys of experts and users.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.53-61
• /
• 2019

In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.