Hong Joo Lee

Development of certification and audit processes of application service provider for IT outsourcing

Abstract ASP (Application Service Provider) refers to an exclusive outsourcing service in which the service provider is given access to the data located in an external data center. Therefore, the security of data and the reliability of the service provider are matters of great importance even when comparing with other information systems. Essential to securing the reliability and efficiency of the ASP service are certification and audit processes. In this paper, we discuss certification and audit processes of ASP services. Our research included: first, a survey of 35 Korean companies’ awareness, advantages and concerns on ASP services. This formed the base of our research. Second, the ASP certification framework and processes required to verify the reliability of ASP services were summarized and case applications were also outlined. Finally, we proposed an audit process aimed at improving efficiency of ASP services. By reference to traditional definitions of information systems and the audit process, new definitions and frameworks for the ASP audit are suggested. The new information system audit processes were compared with traditional ones, and the detailed control items were verified through calculation of their relative importance with respect to ASP life-cycle activities.

Cost-Benefit analysis of security investments: methodology and case study

We live in an unsafe world in which we encounter threats against our safety and security every day. This is especially true in the information processing environment. Managements are engaging and facing difficult problems to manage information security issues. One of the most brain-teasing management issues is “How they could make a decision on security-related investment to maximize the economic balance?” To solve this problem the ROI of security investments must be measured and managed. This paper provides the integrated methodology which consists of a process model and analysis criteria of cost factors and benefit factors to support an economic justification of security investments. Also, a case study is provided to show practicality of this methodology.

A study on value chain in a ubiquitous computing environment

As we enter the 21st century, the term “ubiquitous computing” is emerging. The emerging benefits of “ubiquitous computing” have the potential of fundamentally altering the way we live and work. Most companies are in business to win, and outperform their competitors. They adopt new technologies to fend off new competitors, reinforce an exciting competitive advantage, leapfrog competitors, or just to make money in new markets. Performance is critical. Only recently have companies been in a better position to comprehend how to use new technology such as ubiquitous computing. So now, too many companies are interested in using ubiquitous computing. Our research includes the following: First, we used previous research about the definition of business models and characteristics of ubiquitous computing. Second, we analyzed value chains for ubiquitous computing. Finally, we suggest a new value chain considering ubiquitous computing environment.

Assessment methodology on maturity level of ISMS

This paper suggests the evaluation methodology for ISMS (information security management systems) considering technical, managerial, and operational aspects of information security. This methodology includes the evaluation indices, process, and maturity model. We also provide the case study to prove its practical values. This methodology could be used effectively to analyze and evaluate the ISMS of various enterprises.

Architecture of authentication mechanism for emerging t-commerce environments

With the emergence of convergent information devices capable of delivering multimedia contents and providing an interactive communication with independence of location, new challenges about the implementation of secured environments for electronic business have arisen. Digital television (D-TV) uses the wire-network connections to provide interactive multimedia contents and value-added services such as electronic shopping. T-commerce (Digital Television Commerce) technologies make a dream of new business models an actuality, but these technologies lack in provision of the authentication architecture of users for the accountability, confidentiality and integrity of business contracts and personal preferences. This paper presents the architecture of authentication mechanism to deal with the specific challenges arising from these applications and to overcome the weakness of traditional architecture of the Internet commerce or m-commerce for the secured infrastructure of T-commerce business environments.

CSFs for HCI in ubiquitous computing environments

The vacuum cleaning robot provides various services in home environments. The latest robots provide the functionalities of cleaning up a house automatically and patrolling for home security using camera systems. In this paper, we suggest the user-friendly interfaces for vacuum cleaning robot with the criteria for successful HCI(Human Computer Interaction) of Jakob Nielsen.