Towards end-to-end Continuous Monitoring of Compliance Status Across Multiple Requirements
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 12
Abstract
Monitoring compliance status has historically been difficult for organizations because of the growing number of compliance requirements imposed by various standards, frameworks, and regulations. Existing organizational practices, even with the assistance of security tools and appliances, are mostly manual in nature: a human expert is still needed to interpret the reports generated by the various solutions and map them to the actual requirements stated in the compliance documents. As the number of requirements increases, this process is becoming either too costly or impractical for the organization to manage. Aside from the sheer number of requirements, many of these documents overlap in terms of both domains and actual requirements. However, because current tools neither map and highlight these overlaps directly nor generate detailed gap reports, an organization ends up performing compliance activities redundantly across multiple requirements, which further increases cost. In this paper, we present an approach that attempts to provide an end-to-end solution, from the requirements in compliance documents to the actual verification and validation of their implementation for audit purposes, with the intention of automating compliance status monitoring, enabling continuous compliance monitoring, and reducing the redundant effort an organization spends on multiple compliance requirements. By enhancing existing security ontologies to model compliance documents and applying information extraction practices, this research allows overlapping requirements to be identified and gaps to be clearly explained to the organization.
Through the use of a secure systems development lifecycle and heuristics, the research also provides a mechanism to automate the technical validation of compliance statuses, thereby allowing continuous monitoring as well as mapping to the enhanced ontology so that results can be reused via conceptual mapping across multiple standards and requirements. Practices such as unit testing and continuous integration from the secure systems development life cycle are incorporated to keep the automation process flexible while at the same time using it to support the mapping between compliance requirements.
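The abstract describes three pieces that fit together: a shared concept model onto which clauses from several compliance documents are mapped, unit-test style checks that validate each technical control once, and reports that expose both overlaps between documents and concrete gaps. The following Python program is an added illustration of that pipeline, not code from the paper or its authors; the document names ("STD-A", "STD-B"), clause identifiers, concept names, thresholds and the sampled system state are all constructed for the example.

```python
"""Added illustration: map clauses from several compliance documents onto shared
control concepts, run one automated check per concept, and derive per-document
compliance status plus overlap and gap reports. Not the paper's code; the
documents, clauses, concepts, thresholds and system state are constructed."""
from dataclasses import dataclass


# Constructed mini-ontology entry: a clause of one document maps to one or more
# technical control concepts that can be checked automatically.
@dataclass(frozen=True)
class Requirement:
    document: str        # hypothetical standard, e.g. "STD-A"
    req_id: str          # clause identifier within that document
    concepts: frozenset  # ontology concepts the clause maps to


REQUIREMENTS = [
    Requirement("STD-A", "A.1", frozenset({"password_min_length", "mfa_enabled"})),
    Requirement("STD-A", "A.2", frozenset({"log_retention_days"})),
    Requirement("STD-B", "B.7", frozenset({"mfa_enabled"})),
    Requirement("STD-B", "B.9", frozenset({"log_retention_days", "log_integrity"})),
]

# Constructed system state, as a collector script would report it.
SYSTEM_STATE = {
    "password_min_length": 14,
    "mfa_enabled": True,
    "log_retention_days": 30,
    "log_integrity": False,
}

# Unit-test style checks, one per concept. Each is evaluated once no matter
# how many documents reference the concept, which removes the redundant work
# the abstract describes. Thresholds are constructed for the example.
CHECKS = {
    "password_min_length": lambda s: s.get("password_min_length", 0) >= 12,
    "mfa_enabled": lambda s: s.get("mfa_enabled") is True,
    "log_retention_days": lambda s: s.get("log_retention_days", 0) >= 90,
    "log_integrity": lambda s: s.get("log_integrity") is True,
}


def evaluate_concepts(state, checks=CHECKS):
    """Run every automated check once; returns {concept: passed}."""
    return {concept: bool(check(state)) for concept, check in checks.items()}


def compliance_status(requirements, concept_results):
    """Per-document status: a clause passes only if all its concepts pass.
    Returns {document: {req_id: (passed, [failed concepts])}}."""
    status = {}
    for r in requirements:
        failed = sorted(c for c in r.concepts if not concept_results.get(c, False))
        status.setdefault(r.document, {})[r.req_id] = (not failed, failed)
    return status


def overlaps(requirements):
    """Concepts referenced by more than one document, with the clauses sharing them."""
    by_concept = {}
    for r in requirements:
        for c in r.concepts:
            by_concept.setdefault(c, set()).add((r.document, r.req_id))
    return {c: sorted(clauses) for c, clauses in by_concept.items()
            if len({doc for doc, _ in clauses}) > 1}


def gap_report(status):
    """Flat, sorted list of (document, clause, failed concept) for the auditor."""
    return sorted((doc, rid, c)
                  for doc, clauses in status.items()
                  for rid, (_ok, failed) in clauses.items()
                  for c in failed)


if __name__ == "__main__":
    results = evaluate_concepts(SYSTEM_STATE)
    st = compliance_status(REQUIREMENTS, results)
    print("overlaps:", overlaps(REQUIREMENTS))
    print("gaps:", gap_report(st))
```

Because a check is attached to a concept rather than to a clause, a single failing control (here the 30-day log retention) surfaces as a gap under both STD-A A.2 and STD-B B.9 from one measurement, and the overlap report shows which clauses of the two documents a single remediation would satisfy. The same check functions can run in a continuous integration job to give the continuous monitoring the abstract aims for.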
Authors and Affiliations
Danny C. Cheng, Jod B. Villamarin, Gregory Cu, Nathalie Rose Lim-Cheng