论文信息 - A Risk Screening System by Network Diagram Recognition for Information Security Audit

A Risk Screening System by Network Diagram Recognition for Information Security Audit

We address risk screening support for the information security audit. In audit planning, the auditor has limited time to collect information and discuss risks with the company to be audited. The efficient way of identifying risk correctly within the limited time to improve the quality of the information security audit. Focusing on a network diagram that is commonly used for risk identification, we propose a risk screening system by network diagram recognition. The proposed system captures a picture of the network diagram by a camera, and stores the picture in volatile memory. The content of the network diagram on the picture is recognized by technologies of computer vision and saved as a XML file. Applying risk identification rules given by the auditor to the recognized network diagram, the proposed system identifies risks on the network diagram.

Masaki Samejima | Naoki Satoh

[1] Theodore Tryfonas,et al. Standardising business application security assessments with pattern-driven audit automations , 2008, Comput. Stand. Interfaces.

[2] Eijiroh Ohki,et al. Information security governance framework , 2009, WISG '09.

[3] Mark S. Nixon,et al. Feature extraction & image processing for computer vision , 2012 .

[4] Anil K. Jain,et al. Text information extraction in images and video: a survey , 2004, Pattern Recognit..

[5] David C. Yen,et al. Building the evaluation model of the IT general control for CPAs under enterprise risk management , 2011, Decis. Support Syst..

[6] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[7] Edward Humphreys,et al. Implementing the ISO/IEC 27001 Information Security Management System Standard , 2007 .