• DocumentCode
    1831583
  • Title
    Information Security Automation: How Far Can We Go?
  • Author
    Montesino, Raydel ; Fenz, Stefan
  • Author_Institution
    Inf. Security Dept., Univ. of Inf. Sci. (UCI), Havana, Cuba
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    280
  • Lastpage
    285
  • Abstract
    Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how many controls can be automated, based on the standards ISO 27001 and NIST SP800-53. Furthermore, we take the automation potential of controls included in the Consensus Audit Guidelines into account. Finally, we provide an overview of security applications that support automation in the operation of information security controls to increase the efficiency of information security management.
  • Keywords
    ISO standards; security of data; ISO 27001 standard; NIST SP800-53 standard; consensus audit guidelines; information security automation; information security control; information security management; Automation; Guidelines; Information security; Monitoring; NIST;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type
    conf
  • DOI
    10.1109/ARES.2011.48
  • Filename
    6045951