DocumentCode
2185113
Title
Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism
Author
Yip, Frederick ; Ray, Pradeep ; Paramesh, Nandan
Author_Institution
School of Computer Science & Engineering, University of New South Wales, Sydney, Australia. fyip@cse.unsw.edu.au
fYear
2006
fDate
07-07 April 2006
Firstpage
81
Lastpage
90
Abstract
Corporate enterprises are facing increased requirements to fulfill different regulations. Requirements such as routine compliance with security standards can provide risk mitigation and process performance benefits. However, compliance management is a manual and labor-intensive process and creates additional overheads to any businesses. To make matter worse, the growing number and constant changes of security standards such as CobiT and ISO17799 contributes to increased complexity. This paper presents XISSF, an extensible information security specification format that acts as a compliance audit mechanism for enforcing business rules and information security policies. A mechanism designed to alleviate the routine and manual task of compliance auditing and assessment as well as increasing the accuracy of audit results. The notion of checkpoints is subsequently introduced and modeled in high level finite state machines in this paper.
Keywords
Audit; Compliance; Information Security Policies; Information Security Specifications; Australia; Automata; Best practices; Computer science; Control systems; Government; Guidelines; Information security; Management information systems; Technology management; Audit; Compliance; Information Security Policies; Information Security Specifications;
fLanguage
English
Publisher
ieee
Conference_Titel
Business-Driven IT Management, 2006. BDIM '06. The First IEEE/IFIP International Workshop on
Print_ISBN
1-4244-0176-3
Type
conf
DOI
10.1109/BDIM.2006.1649214
Filename
1649214
Link To Document