Towards end-to-end Continuous Monitoring of Compliance Status Across Multiple Requirements
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 12
Abstract
Monitoring compliance status has historically been difficult for organizations because of the growing number of compliance requirements imposed by various standards, frameworks, and regulations. Existing organizational practice, even with the assistance of security tools and appliances, is still mostly manual, since a human expert is needed to interpret the reports generated by the various solutions and map them to the actual requirements stated in the compliance documents. As the number of requirements grows, this process becomes either too costly or impractical for the organization to manage. Beyond their sheer number, many of these documents overlap in both the domains they cover and the requirements they state. Because current tools neither map and highlight these overlaps nor generate detailed gap reports, an organization ends up performing compliance activities redundantly across multiple requirements, further increasing cost. In this paper, we present an approach that aims to provide an end-to-end solution, from the requirements in compliance documents to the verification and validation of their implementation for audit purposes. The goal is to automate compliance status monitoring, enable continuous compliance monitoring, and reduce the redundant effort an organization spends on multiple compliance requirements. By enhancing existing security ontologies to model compliance documents and by applying information extraction practices, this research allows overlapping requirements to be identified and gaps to be clearly explained to the organization.
Through the use of a secure systems development lifecycle and heuristics, the research also provides a mechanism to automate the technical validation of compliance status, which allows continuous monitoring and maps results to the enhanced ontology so they can be reused via conceptual mapping across multiple standards and requirements. Practices from the secure systems development lifecycle, such as unit testing and continuous integration, are incorporated to keep the automation process flexible while using it to support the mapping between compliance requirements.
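As an added illustration of the idea in the abstract (not code from the paper), the following Python sketch writes technical checks as unit-test-style functions, maps each check to requirements in several constructed, placeholder compliance documents (STD-A, STD-B, REG-C are not real standards), and derives both the per-requirement status and the gap report from a single run of the checks, while listing the controls that overlap across documents:

```python
"""Constructed example: one technical check, fanned out to overlapping requirements."""

# Placeholder requirements from constructed compliance documents.
# Each entry is (document, requirement id, short requirement text).
REQUIREMENTS = {
    "min_password_length": [("STD-A", "A-8.1", "passwords at least 12 characters"),
                            ("STD-B", "B-3.4", "passwords at least 12 characters")],
    "audit_logging": [("STD-A", "A-10.2", "log authentication events"),
                      ("STD-B", "B-7.1", "log authentication events"),
                      ("REG-C", "C-2", "retain authentication logs")],
    "tls_min_version": [("REG-C", "C-5", "TLS 1.2 or higher")],
}

# Technical checks, one per control, written like unit tests: each takes the
# observed system configuration and returns True when the control is met.
CHECKS = {
    "min_password_length": lambda cfg: cfg.get("password_min_length", 0) >= 12,
    "audit_logging": lambda cfg: cfg.get("auth_log_enabled") is True,
    "tls_min_version": lambda cfg: cfg.get("tls_min_version", 0.0) >= 1.2,
}

def evaluate(cfg):
    """Run every check once and fan the result out to each mapped requirement.
    Returns (status, gaps): status maps 'DOC/REQ' -> bool, and gaps lists each
    failing requirement together with the control that would close it."""
    status, gaps = {}, []
    for control, check in CHECKS.items():
        passed = check(cfg)
        for doc, req_id, text in REQUIREMENTS[control]:
            status[f"{doc}/{req_id}"] = passed
            if not passed:
                gaps.append((doc, req_id, text, control))
    return status, gaps

def overlaps():
    """Controls whose requirements span more than one document: verifying these
    once avoids the redundant per-standard effort the abstract describes."""
    return {c: sorted({doc for doc, _, _ in reqs})
            for c, reqs in REQUIREMENTS.items()
            if len({doc for doc, _, _ in reqs}) > 1}

# Constructed snapshot of an observed configuration (e.g. collected by a CI job).
OBSERVED = {"password_min_length": 14, "auth_log_enabled": False, "tls_min_version": 1.2}

if __name__ == "__main__":
    status, gaps = evaluate(OBSERVED)
    print(status)
    print(gaps)
    print(overlaps())
```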
Authors and Affiliations
Danny C. Cheng, Jod B. Villamarin, Gregory Cu, Nathalie Rose Lim-Cheng