• DocumentCode
    1923621
  • Title

    Automated Audit of Compliance and Security Controls

  • Author

    Koschorreck, Gerhard

  • Author_Institution
    UPW ProjectServices GmbH, Bensheim, Germany
  • fYear
    2011
  • fDate
    10-12 May 2011
  • Firstpage
    137
  • Lastpage
    148
  • Abstract
    This paper gives an overview of the existing standards to describe security content. We discuss the challenges security organizations are facing and present approaches for automation of security checks. The OVAL and XCCDF languages are examined in greater detail and an example for their use is given. We describe use cases for these languages and explain the benefits of their deployment.
  • Keywords
    XML; security of data; OVAL; XCCDF; automated audit; compliance; security checks; security controls; Guidelines; Humans; Information security; Organizations; Software; Standards organizations; OCIL; OVAL; XCCDF; automated audit; security control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on
  • Conference_Location
    Stuttgart
  • Print_ISBN
    978-1-4577-0146-7
  • Type

    conf

  • DOI
    10.1109/IMF.2011.12
  • Filename
    5931118
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1923621