The Journal of the Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회논문지)

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Enhancing Security Management of IT Outsourcing for Information System Establishment and Operation

정보시스템 구축·운영을 위한 IT 외주용역기반 보안관리 강화에 관한 연구

  • 이은섭 (한국산업기술대학교 컴퓨터공학과) ;
  • 김신령 (동서울대학교 정보통신과) ;
  • 김영곤 (한국산업기술대학교 컴퓨터공학과)
  • Received : 2017.07.10
  • Accepted : 2017.08.11
  • Published : 2017.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

최근 금융기관, 기업, 공공기관의 정보화사업 및 연구개발 등 IT 관련 용역사업을 수행하는 업체와 연구소의 관리 부주의로 인해 연구자료, 기밀문서 등 주요 보안자료들이 외부로 유출되는 사례가 빈번하게 발생하고 있다. 유출사례들은 외주용역 과정에 있어서 관련 자료를 무단으로 유출하거나 보관하는 등 정보시스템 유지보수업체의 보안관리 부실로 개인정보가 유출되어 피해를 발생시키고 있다. 이에 본 논문에서는 기업 정보화 사업 환경 조사를 통해 용역사업에 대한 유형 및 관리현황을 파악하고 외부 용역 업체를 활용한 개발 및 유지보수 수행 시 문제점을 분석 조사 하였다. 더 나아가 본 논문에서는 고려한 항목들을 설계의 바탕으로 하여 기업 활동에 집중할 수 있는 정보시스템 서비스를 제공하는 동시에 불법소프트웨어 설치 금지, 외부로부터의 바이러스, 해킹 등에 대한 침투를 원천적으로 방지할 수 있는 기업의 정보화시스템 구축을 위한 단계별 보안강화 방법론을 제시하였다.

Keywords

References

  1. Kil Ho Jung, 'A Study on the Performance of IT Outsourcing', 2015.12
  2. Cha Seung Ho, Yang Dong Hoon. (2011). A Study on the Effectiveness of Human Resource Outsourcing. Korean Jouranl of Business Administration, 24 (5), 2987-3006. 2011
  3. Kyung-Bae Min, Jang-Mook Kang, "Rights to Control Information and Related Security Technologies on the CyberSpace" The Journal of The Institute of Internet, Broadcasting and Communication(JIIBC), VOL. 10 No. 2, pp.135-141 2010
  4. Je-Man Jun, Seon-Gyu Yi. (2013). Influence Factors and the Introducing Outcomes over IT Outsourcing in the Government Offices. JOURNAL OF THE KOREA CONTENTS ASSOCIATION, 13(3), 339-351. 2013 https://doi.org/10.5392/JKCA.2013.13.03.339
  5. Byoung-Chol Lee, SungYul Rhew. (2013). The Maintenance Cost Estimation Model for Information System Maintenance Based on the Operation, Management and Service Metrics. Journal of the Korea Society of Computer and Information , 18(5), 77-85. 2013 https://doi.org/10.9708/jksci.2013.18.5.077
  6. Sang-Un Lee, Myeong-Bok Choi, "A Definition and Evaluation Criteria for Software Development Success", The Journal of The Institute of Internet, Broadcasting and Communication, Vol. 12, No. 2, pp. 233-241. 2012 DOI: http://dx.doi.org/10.7236/JIWIT.2012.12.2.233
  7. Dongkun Lee and Jong In Lim. (2016). Forecast System for Security Incidents. Journal of the Institute of Electronics and Information Engineers, 53(6), 69-79. 2016 https://doi.org/10.5573/IEIE.2016.53.6.069
  8. Do-Hyun Choi, Mun-Seog Jun, Jung-OhPark, "A Study On Security Threat Analysis and Government Solution for Civil Service Online" The Journal of The Institute of Internet, Broadcasting and Communication(JIIBC), VOL. 14 NO. 5, pp.1-10 2014 https://doi.org/10.7236/JIIBC.2014.14.5.1
  9. The total estimated damage due to leakage of the credit card company is 100 billion won, http://view.asiae.co.kr/news/view.htm?idxno=2014012711034390924
  10. National Intelligence Service, "Information System Storage Media Insolvency Guidelines", 2006.3
  11. Bang, Min-Seok, Shin, Young-Jin. (2015). A comparative study on measures to secure the safety standards for privacy : Focused on the technical and management protection rules.GRI REVIEW, 17(3), 363-388. 2015