论文信息 - Automation Possibilities in Information Security Management

Automation Possibilities in Information Security Management

Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.

Stefan Fenz | Raydel Montesino | Stefan Fenz | Raydel Montesino

[1] Stefan Fenz,et al. Ontology-based generation of IT-security metrics , 2010, SAC '10.

[2] Stefan Fenz,et al. Information Security Risk Management: In Which Security Solutions Is It Worth Investing? , 2011, Commun. Assoc. Inf. Syst..

[3] Stefan Fenz,et al. Formalizing information security knowledge , 2009, ASIACCS '09.

[4] Daniel L. Sherrell,et al. Communications of the Association for Information Systems , 1999 .

[5] Karen A. Scarfone,et al. SP 800-117. Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0 , 2010 .

[6] 日本規格協会. 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[7] D. Richard Kuhn,et al. Managing Security: The Security Content Automation Protocol , 2011, IT Professional.

[8] Stefan Fenz,et al. Information Security Automation: How Far Can We Go? , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.