A case study on the security audit methodologies in the context of information system's life cycle

Cited by: 0
Authors
Kim, J [1 ]
Hong, K [1 ]
Affiliations
[1] Chung Ang Univ, Dept Informat Syst, Ansung, Kyunggi, South Korea
Keywords
information security audit; information system security; process evaluation; control evaluation and information security evaluation;
DOI
Not available
CLC number
TP18 [Artificial intelligence theory];
Discipline codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Current information security management and audit methods are not effective enough to meet the increased corporate needs for information security. This paper attempts to compare, analyze, and apply in a case study some security audit and evaluation methods from Korea and other countries. In Korea, the Information Systems Security/Control Audit Guideline of NCA and the Information Security Management Systems Certification Guideline of KISA are used for information security audit. The SSE-CMM, BS 7799, NIST SP 800-26, and the ISG of ISACA are some of the better known criteria in other countries. The Information Systems Security/Control Audit Guideline of NCA, the SSE-CMM and the ISG of ISACA are process evaluation methods, while the Information Security Management Systems Certification Guideline of KISA, BS 7799 and NIST SP 800-26 are control evaluation methods. Based on applying the two major methods to a Korean case company, we conclude that the process evaluation method needs to be more detailed and that the control evaluation method needs a modification of its levels of evaluation.
Pages: 38 / 43
Page count: 6