Automated Assessment Of Compliance With Security Best Practices

Authors

  • Zahid Anwar
  • Roy H. Campbell
Abstract

Several standards and best practices have been proposed for critical infrastructure protection. However, the scale and complexity of critical infrastructure assets render manual compliance checking difficult, if not impossible. This paper focuses on the automated assessment of security compliance of electrical power grid assets. A security model based on predicate calculus is used to express infrastructure elements (e.g., devices, services, protocols, access control implementations) as “facts” and security standards and best practices as “rules” that specify constraints on the facts. A tool chain is applied to automatically generate the security model from specifications and to check compliance with standards and best practices. The tool chain also supports the visualization of network topology and security assessment results to reveal possible points of attack.


Similar resources

Nursing best practices using automated dispensing cabinets: nurses' key role in improving medication safety.

Automated dispensing cabinets (ADCs) are used widely, but safety gaps remain. Nursing-pharmacy collaboration, expert guidance, self-assessment tools, compliance with nursing best practices, and continuing education are essential to optimize the safety and productivity of ADC use.


Feasibility of Automated Information Security Compliance Auditing

According to AS/NZS ISO/IEC 27001:2006 [11], management of an organization should provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the organization’s information security management system. The objective of this research project was to explore the feasibility of designing an intelligent documentation system to...


Three Models to Measure Information Security Compliance

Compliance is one of the major issues in information security management is “to be sure been evaluated correctly”. Compliance (regulation) is defined as, “the act of adhering to, and demonstrating adherence to, a standard or regulation” (Wikipedia.org, 2008) or “Conformity in fulfilling official requirement” (MerriamWebster.com, 2009). Many industries measure the compliance with best practices ...


Towards Data-driven Continuous Compliance Testing

Recent studies show that security vulnerabilities are caused by neglecting best-practices for the configuration of software and the underlying infrastructure. Due to the rising complexity of software systems and the accelerated speed of software releases using mechanisms like continuous delivery the problem gets even more challenging. Existing processes and methods are not adequate to cope with...


Assessment of compliance to radiation safety and protection at the radiology department

Background: Several potential challenges with radiation protection (RP) and safety culture in radiology departments need to be addressed. This study assesses radiographers’ adherence to radiation protection practices in radiology departments. Materials and Methods: A cross-sectional study was conducted among radiographers; 210 self-administered questionnaires were sent to the participants. An ...



Publication date: 2008