Abstract
Examples of different types of assessments are all around us, providing assurance that the goods we use will not harm us, that system components will work correctly, that services are delivered consistently, that manufacturers effectively manage the impact of their activities on health, safety, and the environment, and so on. One essential form of assessment is the compliance assessment, which checks whether the requirements of regulatory documents on ensuring information security (IS) are fulfilled on the assessment object, for example a product, process, system, or service. This short paper discusses work-in-progress results from research aimed at identifying ways to improve, unify, and more rigorously formalize the objective assessment of compliance with the mandatory requirements of regulatory documents on ensuring IS for selected assessment objects, based on the development of recommendations for applying a risk-based approach.
Acknowledgment
This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Miloslavskaya, N., Tolstaya, S. (2020). On the Assessment of Compliance with the Requirements of Regulatory Documents to Ensure Information Security. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S., Orovic, I., Moreira, F. (eds) Trends and Innovations in Information Systems and Technologies. WorldCIST 2020. Advances in Intelligent Systems and Computing, vol 1160. Springer, Cham. https://doi.org/10.1007/978-3-030-45691-7_74
DOI: https://doi.org/10.1007/978-3-030-45691-7_74
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45690-0
Online ISBN: 978-3-030-45691-7
eBook Packages: Intelligent Technologies and Robotics (R0)