Using case-based reasoning for the design of controls for internet-based information systems

Sangjae Lee, Kyoung jae Kim

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

Internal auditors and IS managers should obtain an understanding of the internal control structure of the internet-based information systems (IIS) to be established in their organizations. This paper proposes IISCBR (the design of controls for IIS using case-based reasoning), a case-based reasoning model for generating recommendations of IIS controls. The case base of IISCBR consists of slots that include system environments and IIS controls. The IIS controls that are most in demand in a given system environment can be suggested in two steps. First, the most probable level of controls is suggested from the retrieved cases. Second, the level of controls that has the highest performance values among the retrieved cases is determined. IIS auditors can retrieve similar cases and provide control recommendations using past cases in IISCBR. To evaluate the effectiveness of IISCBR, this paper compares the predictive power of the system with that of multivariate discriminant analysis (MDA). The results indicate that the case-based reasoner outperforms MDA in predictive accuracy.

Original language: English
Pages (from-to): 5582-5591
Number of pages: 10
Journal: Expert Systems with Applications
Volume: 36
Issue number: 3 PART 1
State: Published - Apr 2009

Keywords

  • Case-based reasoning (CBR)
  • Controls
  • Internet-based information systems (IIS)
  • Recommendation of controls
  • Security
