Cognitive Compliance: Analyze, Monitor and Enforce Compliance in the Cloud

IT compliance is an area of increasing attention and capital spend in enterprise IT environments. Enforcing compliance is a complex process: it involves following regulatory requirements that come from many, often overlapping, sources and mapping those requirements onto a controls framework that implements them on the ground. In this paper, we propose a solution for streamlining the process of analyzing, monitoring and enforcing compliance in the cloud. We rely on text classification methodologies to match both regulatory requirements and controls against a common hierarchy. Finally, we explain how to use these text classification techniques to analyze the regulatory requirements and match them to executable code that enforces those requirements in cloud infrastructure components, such as virtual machines and containers.
