Enforcing business rules and information security policies through compliance audits - XISSF - A compliance specification mechanism

被引：0

作者：

Yip, Frederick ^{[1
]}

Ray, Pradeep ^{[2
]}

Paramesh, Nandan ^{[1
]}

机构：

[1] Univ New South Wales, Sch Comp Sci & Engn, Sydney, NSW, Australia

[2] Univ New South Wales, Sch Informat Syst & Technol Management, Sydney, NSW, Australia

来源：

INFORMATION TECHNOLOGY MANAGEMENT FROM A BUSINESS PERSPECTIVE | 2006年

关键词：

compliance; information security policies; audit; information security specifications;

D O I：

暂无

中图分类号：

F [经济];

学科分类号：

02 ;

摘要：

Corporate enterprises are facing increased requirements to fulfill different regulations. Requirements such as routine compliance with security standards can provide risk mitigation and process performance benefits. However, compliance management is a manual and labor-intensive process and creates additional overheads to any businesses. To make matter worse, the growing number and constant changes of security standards such as CobiT and ISO17799 contributes to increased complexity. This paper presents XISSF, an e risible information security specification format that acts as a compliance audit mechanism for enforcing business rules and information security policies. A mechanism designed to alleviate the routine and manual task of compliance auditing and assessment as well as increasing the accuracy of audit results. The notion of checkpoints is subsequently introduced and modeled in high level finite state machines in this paper.

引用

页码：81 / +

页数：2

共 15 条

[1] ALLEN J, 2005, GOVERNING ENTERPRISE
[2] [Anonymous], MANAGEMENT INFORM SE
[3] *EC PKI, EC PKI CA GLOSS
[4] Ernst & Young, 2005, GLOB INF SEC SURV 20
[5] GALLEGOS F, 2003, INFORM SYSTEMS CONTR
[6] *ISACA, 2004, IT CONTR OBJ SARB IM
[7] *IT GOV I, 2005, CONTR OBJ INF REL TE
[8] IT Governance Institute [ITGI], 2001, BOARD BRIEF IT GOV
[9] KOLODGY CJ, OPTIMIZING YOUR IT C
[10] MELEK A, 2005, 2005 DELOITTE GLOBAL

← 1 2 →