Abstract
IT audit is employed in business organizations to demonstrate they hold the control for the correct and efficient functioning of their IT infrastructure. It is slowly moving from a completely practitioners’ concern into a research domain. There is a need for identifying new methods that could facilitate an objective, real time and cost-effective assurance. This paper proposes a method to automate the IT audit process. Our approach is based on ontologies for formalizing the vast audit knowledge and on intelligent agents for real-time audit and risk assessment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Sarbanes-Oxley Act of 2002. Public Law 107-204. U.S. Government Printing Office (2002), http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/content-detail.html
The Health Insurance Portability and Accountability Act. U.S. Government Printing Office (1996), http://www.hipaa.org
An Architectural Blueprint for Autonomic Computing. IBM Autonomic Computing White Paper (June 2006)
Gallegos, F., Senft, S.: Information Technology Control and Audit, 3rd edn. Auerbach Publications (2008)
Wooldridge, M.: An Introduction to MultiAgent Systems, 2nd edn. John Wiley and Sons, Chichester (2009)
Bellifemine, F.L., Caire, G., Greenwood, D.: Developing Multi-Agent Systems with JADE. Wiley, Chichester (2007)
Jack white paper: An agent infrastructure for providing the decision-making capability required for autonomous systems, www.aosgrp.com/downloads/JACK_WhitePaper_UKAUS.pdf
Lange, D., Oshima, M.: Programming and Deploying Java Mobile Agents with Aglets. Addison-Wesley, Reading (1998)
Verma, D.C.: Principles of Computer Systems and Network Management. Springer, Heidelberg (2009)
Black, U.: Network Management Standards: SNMP, CMIP, TMN, MIBs, and Object Libraries. McGraw-Hill, New York (1994)
WSDM 1.1 OASIS Standard Specifications. OASIS Consortium (2006), http://www.oasis-open.org/committees/wsdm/
Tsoumas, B., Gritzalis, D.: Towards an ontology-based security management. In: Proceedings of the 20th International Conference on Advanced Information Networking and Applications, AINA 2006, vol. 01, pp. 985–992. IEEE Computer Society, Los Alamitos (2006)
Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, pp. 183–194. ACM, New York (2009)
Special Publication 800-12: An Introduction to Computer Security - The NIST Handbook. NIST (1995), http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/index.html
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. NIST SP 800-30
Cobit 4.1. IT Governance Institute (2010), http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ghiran, AM., Silaghi, G.C., Tomai, N. (2011). Deploying an Agent Platform to Automate the IT Infrastructure Auditing Process. In: Abramowicz, W. (eds) Business Information Systems. BIS 2011. Lecture Notes in Business Information Processing, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21863-7_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-21863-7_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21829-3
Online ISBN: 978-3-642-21863-7
eBook Packages: Computer ScienceComputer Science (R0)