DocumentCode :
2116353
Title :
On Optimizing the Path to Information Security Compliance
Author :
Dieguez, Martin ; Sepulveda, S. ; Cares, Carlos
Author_Institution :
Dept. of Syst. Eng., Univ. of La Frontera, Temuco, Chile
fYear :
2012
fDate :
3-6 Sept. 2012
Firstpage :
182
Lastpage :
185
Abstract :
Information Security Management has been contemporarily confronted by standards covering business aspects related to Information Technology. Different standards map the problem of information security to a set of controls that represent safeguards for different security vulnerabilities. Several procedure-oriented maturity models have been proposed for managing the progress on information security; however, few approaches use quantitative techniques for analyzing the progress on information security. In this paper we propose that the problem of becoming security compliant can be analyzed as a problem of multi-paths where checking different controls means choosing different ways of reaching security compliance. We identify a set of concepts from security ontologies in order to identify a set of variables influencing these paths. The main contribution is formulating the problem of reaching some standard compliance in the shape of optimization problems, so that existing optimization techniques can be applied.
Keywords :
ontologies (artificial intelligence); optimisation; security of data; information security compliance; information security management; multi-paths; optimization problems; procedure-oriented maturity models; quantitative techniques; security ontologies; ISO27002; Information Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Quality of Information and Communications Technology (QUATIC), 2012 Eighth International Conference on the
Conference_Location :
Lisbon
Print_ISBN :
978-1-4673-2345-1
Type :
conf
DOI :
10.1109/QUATIC.2012.44
Filename :
6511805