Keywords
- Information Security
- Audit Data
- Compliance Requirement
- Information Asset
- Information Security Management
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Longley, D., Branagan, M., Caelli, W., Kwok, L. (2008). Feasibility of Automated Information Security Compliance Auditing. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The Ifip Tc 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_32
DOI: https://doi.org/10.1007/978-0-387-09699-5_32
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5
eBook Packages: Computer Science, Computer Science (R0)