Enforcing business rules and information security policies through compliance audits

First IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM 2006

Volumn 2006, Issue , 2006, Pages 81-90

  Yip, Frederick ^a   Ray, Pradeep ^a   Paramesh, Nandan ^a  

^a UNIVERSITY OF NEW SOUTH WALES   (Australia)

Author keywords

Audit; Compliance; Information security policies; Information security specifications

Indexed keywords

COMPUTATIONAL COMPLEXITY; INFORMATION MANAGEMENT; RISK ASSESSMENT; SECURITY OF DATA; STANDARDS;

COMPLIANCE AUDITING; INFORMATION SECURITY POLICIES; INFORMATION SECURITY SPECIFICATIONS;

REGULATORY COMPLIANCE;

EID: 33847152561     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (17)

1. ISACA, "IT Control Objectives for Sarbanes-Oxley: The importance of IT in the design, implementation and sustainability of internal control over disclosure and financial reporting." 2004, Accessed on December 2005.
2. SEC, "Sarbanes Oxley Act 2002", U.S. Securities and Exchange Commission. Accessed on October 2005.
3. Office of Government. Commerce (OGC), "Information Technology Infrastructure Library (ITIL)", 2005.
4. Ungerman, M., "Creating and Enforcing an Effective Information Security Policy.", Information Systems Control Journal, 2005.
5. Whitman, M.E. and H.J. Mattord, "Management of Information Security", 2004: Thomson.
6. E-Commerce PKI, "E-Commerce PKI CA Glossary", http://www.ecommercepki.com/cps/glossary.htm, Accessed on January 2006.
7. Ernst & Young, "Global Information Security Survey 2005", 2005.
8. Allen, J. "Governing for Enterprise Security", CERT, 2005.
9. IT Governance Institute, "Board Briefing on IT Governance", 2001.
10. Melek, A. and M.M. Kinnon, "2005 Deloitte Global Security Survey", Deloitte Touche Tohmatsu, 2005.
11. Janine Spears, Russell Barton, and William Hery, "An Analysis of How ISO 17799 and SSE-CMM Relate to the S-vector Methodology.", 2004.
12. Kolodgy, C.J., "Optimizing Your IT Controls Environment for Compliance with Multiple Regulations." http://www.bindview.com/. December 2005, Accessed on January 2006.
13. SANS., "Information Security Management Audit Check List.", 2005, http://www.sans.org. Accessed on December 2005.
14. IT Governance Institute, "Control Objectives for Information and Related Technologies v4", 2005.
15. Software Engineering Institute, "Capability Maturity Model for Software (SW-CMM)", http://www.sei.cmu.edu/cmm/cmm.html. Accessed on December 2005
16. Gallegos, F., "IT Audit Independence: What Does It Mean?", Information Systems Control Journal, 2003.
17. Meta Group, http://www.metagroup.com, Accessed on December 2005.