Feasibility of Automated Information Security Compliance Auditing
نویسندگان
چکیده
According to AS/NZS ISO/IEC 27001:2006 [11], management of an organization should provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the organization’s information security management system. The objective of this research project was to explore the feasibility of designing an intelligent documentation system to assist information security managers in meeting this commitment. In particular, this documentation system would assist in the associated tasks of risk assessment and information security compliance auditing. The proposed documentation system, comprising both supporting software and a database model of the organizational information security environment, together with formalized compliance requirements, may be used both for automated and ongoing compliance testing as well as risk assessment. The risk assessment aspect of the documentation system has been described in previous papers [3, 14]. This paper will deal with a feasibility study of automated compliance auditing. Such automated compliance auditing would enable security managers to readily benchmark their current systems against the appropriate information security standards. This study was undertaken to specifically explore the feasibility of automated compliance auditing against an international information security standard. The standard originally selected for the study was AS/NZS ISO/IEC 17799:2001) [9]
منابع مشابه
A Generic Model and Architecture for Automated Auditing
Research has been performed in areas of auditing, a.o. security auditing, compliance auditing, financial auditing. In order to increase the efficiency of and to allow for continuous auditing, auditing tasks must be automated, which is only possible if audit data are available digitally and suitable algorithms exist. Different areas of auditing follow different objectives, thus require different...
متن کاملRisk management of business tax compliance and related strategies in tax auditing
The present study is related to the management and strategy of dealing with the risk of business tax compliance in tax audits using the Grand Theory method. The statistical population of the study is managers, elites and experts in the field of taxation who have been selected from the snowball or chain sampling method for the interview according to the purpose of the research. After receiving t...
متن کاملCritical Assessment of Auditing Contributions to Effective and Efficient Security in Database Systems
Database auditing has become a very crucial aspect of security as organisations increase their adoption of database management systems (DBMS) as major asset that keeps, maintain and monitor sensitive information. Database auditing is the group of activities involved in observing a set of stored data in order to be aware of the actions of users. The work presented here outlines the main auditing...
متن کاملSupplier Evasion of a Buyer’s Audit: Implications for Auditing and Compliance with Labor and Environmental Standards
Deadly factory fires. Illegal pollution. Injured workers. Many brands have recently been tarnished by publicity of suppliers’ labor and environmental violations, and have responded by increasing their auditing efforts. Anecdotal evidence suggests that “hiding”—supplier efforts to pass an audit through deception or corruption—is prevalent. Under that condition, we show analytically that increasi...
متن کاملCompliance with data protection laws using Hippocratic Database active enforcement and auditing
C. M. Johnson T. W. A. Grandison Governments worldwide are enacting data protection laws that restrict the disclosure and processing of personal information. These laws impose administrative and financial burdens on companies that manage personal information and may hinder the legitimate and valuable sharing and analysis of this information. In this paper we describe an integrated set of techno...
متن کامل