LLM-Based Information Security Management System (ISMS) Certification Management Automation System Using RAG and OCR

Vol. 35, No. 2, pp. 383-396, Apr. 2025
DOI: 10.13089/JKIISC.2025.35.2.383
Keywords: ISMS, LLM, RAG, OCR, Automation
Abstract

This study proposes an LLM-based certification management automation system for efficiently diagnosing and analyzing complex regulatory compliance requirements when preparing for Information Security Management System (ISMS) certification. The system has two functions. The first is a document search function, which automatically analyzes and searches for content that meets the certification standards according to the company's policy. To address the hallucination that occurs when an LLM is simply introduced, RAG was applied so that the model refers only to the company's documents. The second is an evidence appropriateness check function, which automatically checks, for some items, whether the evidence data meet the certification criteria. Because most of the required evidence data are in tables and text, OCR was applied in preprocessing the data to be delivered to the LLM. The system's performance was evaluated based on Big-O notation and the consulting output used in an actual ISMS certification; compared with the existing consulting process, the evaluation confirmed a reduction in the time required and high accuracy and detail in the analysis results. This is expected not only to reduce the burden on companies but also to improve the level of information security, and to lead to a reorganization into a more simplified screening process.


Cite this article
[IEEE Style]
진현준, 박후린, 최정원, 조용권, 홍영창, 이동수, 신우빈, "LLM-Based Information Security Management System(ISMS) Certification Management Automation System Using RAG and OCR," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 2, pp. 383-396, 2025. DOI: 10.13089/JKIISC.2025.35.2.383.

[ACM Style]
진현준, 박후린, 최정원, 조용권, 홍영창, 이동수, and 신우빈. 2025. LLM-Based Information Security Management System(ISMS) Certification Management Automation System Using RAG and OCR. Journal of The Korea Institute of Information Security and Cryptology, 35, 2, (2025), 383-396. DOI: 10.13089/JKIISC.2025.35.2.383.