A Conceptual Framework to Manage and Audit Information Systems Security

Auditing information systems security is difficult, and it is becoming crucial both to ensure the daily operational activities of organizations and to promote competition and create new business opportunities. This paper presents and discusses the proposed research project: a conceptual security framework to manage and audit information systems security. The proposed framework is supported by a conceptual model approach based on the ISO/IEC JTC1 (International Organization for Standardization/International Electrotechnical Commission, Joint Technical Committee) security standards (ISO/IEC_JTC1 2005), and will produce a technological tool to assist organizations in better managing and auditing their information systems security. The research work started with the analysis of the ISO/IEC JTC1 security standards, followed by the identification and selection of the security concepts to be included in the conceptual model. Those elements were then represented hierarchically in an ontology and formalized using the W3C standard language for modeling ontologies, the Web Ontology Language (OWL) (Smith et al. 2004). The developed conceptual framework outlines the hierarchical structure of the security concepts defined in the ontology. The research project is expected to demonstrate the effectiveness of a conceptual framework in improving organizations' performance in the management and auditing of information systems security.
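To make the "hierarchically represented in an ontology and formalized in OWL" step concrete, the following is an added example (not the paper's ontology or tool) that encodes a small security-concept hierarchy, serializes it as OWL classes with `rdfs:subClassOf` links in RDF/XML, reads it back, and answers subclass queries over it. The concept names, the namespace URI and the hierarchy itself are constructed placeholders for illustration; the paper does not list its actual concepts.

```python
# Added example: a minimal hierarchical security-concept ontology written out as OWL (RDF/XML)
# using only the Python standard library. Concept names and the namespace are constructed
# placeholders, not taken from the paper's ontology.
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RDFS = "http://www.w3.org/2000/01/rdf-schema#"
OWL = "http://www.w3.org/2002/07/owl#"
BASE = "http://example.org/security-ontology#"  # placeholder ontology namespace

# Constructed sample hierarchy: child concept -> parent concept (None marks the root).
HIERARCHY = {
    "SecurityControl": None,
    "AccessControl": "SecurityControl",
    "Authentication": "AccessControl",
    "PasswordPolicy": "Authentication",
    "Cryptography": "SecurityControl",
    "KeyManagement": "Cryptography",
}


def ancestors(concept, hierarchy=HIERARCHY):
    """Superclasses of `concept` from nearest parent up to the root (transitive subClassOf)."""
    out, seen = [], set()
    parent = hierarchy.get(concept)
    while parent is not None:
        if parent in seen:  # guard against a malformed (cyclic) hierarchy
            raise ValueError(f"cycle detected at {parent}")
        seen.add(parent)
        out.append(parent)
        parent = hierarchy.get(parent)
    return out


def is_subclass_of(child, parent, hierarchy=HIERARCHY):
    """True if `child` is (transitively) a subclass of `parent`."""
    return parent in ancestors(child, hierarchy)


def to_owl_xml(hierarchy=HIERARCHY):
    """Serialize the hierarchy as OWL classes linked by rdfs:subClassOf, in RDF/XML."""
    ET.register_namespace("rdf", RDF)
    ET.register_namespace("rdfs", RDFS)
    ET.register_namespace("owl", OWL)
    root = ET.Element(f"{{{RDF}}}RDF")
    ont = ET.SubElement(root, f"{{{OWL}}}Ontology")
    ont.set(f"{{{RDF}}}about", BASE.rstrip("#"))
    for concept, parent in hierarchy.items():
        cls = ET.SubElement(root, f"{{{OWL}}}Class")
        cls.set(f"{{{RDF}}}about", BASE + concept)
        if parent is not None:
            sub = ET.SubElement(cls, f"{{{RDFS}}}subClassOf")
            sub.set(f"{{{RDF}}}resource", BASE + parent)
    return ET.tostring(root, encoding="unicode")


def parse_owl_hierarchy(xml_text):
    """Read child -> parent back out of the RDF/XML, so the round trip can be audited."""
    root = ET.fromstring(xml_text)
    hierarchy = {}
    for cls in root.findall(f"{{{OWL}}}Class"):
        name = cls.get(f"{{{RDF}}}about").split("#")[-1]
        sub = cls.find(f"{{{RDFS}}}subClassOf")
        hierarchy[name] = None if sub is None else sub.get(f"{{{RDF}}}resource").split("#")[-1]
    return hierarchy


if __name__ == "__main__":
    owl_doc = to_owl_xml()
    print(owl_doc)
    print("PasswordPolicy under SecurityControl:", is_subclass_of("PasswordPolicy", "SecurityControl"))
    print("round trip intact:", parse_owl_hierarchy(owl_doc) == HIERARCHY)
```

The round-trip check matters for the auditing use case the paper describes: a tool that reasons over the ontology must load exactly the hierarchy the model defines, so verifying that the serialized classes parse back to the same parent links is a cheap integrity test before any audit rule is evaluated against them.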