摘要:This paper proposes a security check maturity model and how to apply the model to support performing the effective security check for information system audit and improve the security stability of ICT business. ISA-SCMM is developed to solve the problem of lacking security check items in current Korean information system audit criteria and to guarantee the sufficient security check items consistent with maturity based global IT criteria such as ISM3 and SSE-CMM. ISA-SCMM is a security measure that be performed on several processes such as information system planning, designing, constructing, and operating. It is made up with 10 areas, 54 security check items and 3 steps of level, which can be applied for considering the characteristics and cost efficiency of ICT businesses and organizational requirements.
关键词:Information System Audit; Security Check Items; Maturity Model; ISA-SCMM; ISM3;SSE-CMM
