Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism

Authors: F. Yip, Pradeep Ray, N. Paramesh
Venue: 2006 IEEE/IFIP Business Driven IT Management
Published: 2006-04-07
DOI: 10.1109/BDIM.2006.1649214 (https://doi.org/10.1109/BDIM.2006.1649214)
Corporate enterprises face increasing requirements to fulfill different regulations. Requirements such as routine compliance with security standards can provide risk mitigation and process performance benefits. However, compliance management is a manual and labor-intensive process that creates additional overhead for any business. To make matters worse, the growing number and constant changes of security standards such as CobiT and ISO17799 contribute to increased complexity. This paper presents XISSF, an extensible information security specification format that acts as a compliance audit mechanism for enforcing business rules and information security policies. The mechanism is designed to alleviate the routine and manual task of compliance auditing and assessment, as well as to increase the accuracy of audit results. The notion of checkpoints is subsequently introduced and modeled in high-level finite state machines.