정보시스템 감리에서의 정보보호 감리모형 설계

• Published in: (사)디지털산업정보학회 논문지, 6(2) Vol. 6; no. 2; pp. 233 - 245
• Main Authors: 이지용, 김동수, 김희완, Lee, Ji Yong, Kim, Dong Soo, Kim, Hee Wan
• Format: Journal Article
• Language: Korean
• Published: (사)디지털산업정보학회 01.06.2010
• Subjects: 컴퓨터학; Security Architecture; Information System Audit; Security Audit Framework
• ISSN: 1738-6667; 2713-9018

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.