Requirements for Development of an Assessment System for IT&C Security Audit
Keywords: assessment system, security audit, information security management
Abstract: IT&C security audit processes are carried out to implement information security management. They are included in an audit program by decision of the management staff, in order to establish the organization's actual situation against the planned or expected one. The audit processes require evidence to highlight these issues. The evidence is gathered by the audit team, and some automated processes are needed to increase the productivity and accuracy of the audit. The paper presents some of the requirements for developing an assessment system, with considerations for IT&C security audit. The issues are grouped into the following sections: IT&C security audit processes, characteristics of the indicators development process, and implementation issues of an assessment system.
JMEDS articles by Journal of Mobile, Embedded and Distributed Systems (JMEDS) is licensed under a Creative Commons Attribution 4.0 International License.