  • DocumentCode
    2055094
  • Title
    Automation Possibilities in Information Security Management
  • Author
    Montesino, Raydel ; Fenz, Stefan
  • Author_Institution
    Inf. Security Dept., Univ. of Inf. Sci. (UCI), Havana, Cuba
  • fYear
    2011
  • fDate
    12-14 Sept. 2011
  • Firstpage
    259
  • Lastpage
    262
  • Abstract
    Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis of the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers in identifying systems they can use to achieve greater efficiency in the information security management process.
  • Keywords
    ISO standards; ontologies (artificial intelligence); risk management; security of data; ISO 27001; automation possibility; compliance checking; hardware system; information security management; risk management; security configuration; security control automation protocol; security ontologies; software system; Automation; ISO standards; Information security; Ontologies; Organizations; Standards organizations; automation; ontologies; security management; standards;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligence and Security Informatics Conference (EISIC), 2011 European
  • Conference_Location
    Athens
  • Print_ISBN
    978-1-4577-1464-1
  • Electronic_ISBN
    978-0-7695-4406-9
  • Type
    conf
  • DOI
    10.1109/EISIC.2011.39
  • Filename
    6061245