A Top-Down Approach Towards Translating Organizational Security Policy Directives to System Audit Configuration

نویسندگان

  • Aftab Ahmad
  • Tobias Ruighaver
چکیده

There is a significant gap between the stated objectives of organizational security found in corporate security policy and the audit configuration of event logs present on IT systems. Audit configuration has always been a bottom-up process. As a result, the design and implementation of audit configurations is often constrained by the audit management interface that often models operating system structures rather than real world behavior. This paper argues for a top-down approach in the establishment of IT audit policies and practices. We propose that management should develop an organization wide audit policy that will set mandatory audit directives and ensures that the audit configuration reflects the needs of the organization as defined in the security

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Improved event logging for security and forensics: developing audit management infrastructure requirements

The design and implementation of audit configurations is often constrained by the audit management interface, which typically models operating system structures rather than real world behavior. This paper argues for the need for improved audit management technology as part of an overall top-down approach in the establishment of IT eventlogging policies and practices. We propose that audit manag...

متن کامل

Mesmerize - an open framework for enterprise security management

We have identified five problems that inhibit effective enterprise security management policy divide, lack of reproducibility, lack of consistency, lack of coverage and lack of flexibility in current management systems. We discuss these problems and suggest features an enterprise security management framework should have to address them. Mesmerize is an enterprise security management framework ...

متن کامل

Fractal Population Ecology Theory

Abstract Purpose - The aim of this paper is to describe the population ecology theory through fractal thinking, an emergent human operating system that is creative, adaptive, healthy, and evolutionary; furthermore, a parallel is drawn between the population ecology model and the fractal structure. Top-down hierarchies are typically characterized by command and control systems of the authority t...

متن کامل

Organizational Factors’ Effects on the Success of E-Learning Systems and Organizational Benefits: An Empirical Study in Taiwan

E-learning development for enterprises is still in its infancy in that scholars are still working on identifying the critical success factors for e-learning in organizational contexts. This study presents a framework considering how organizational factors affect the quality and service of e-learning systems and how these factors influence organizational benefits in the view of IS success model ...

متن کامل

Translating Evidence into Healthcare Policy and Practice: Single Versus Multi-Faceted Implementation Strategies – Is There a Simple Answer to a Complex Question?

How best to achieve the translation of research evidence into routine policy and practice remains an enduring challenge in health systems across the world. The complexities associated with changing behaviour at an individual, team, organizational and system level have led many academics to conclude that tailored, multifaceted strategies provide the most effective approach to knowledge translati...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2002