Abstract
The status of information security becomes more and more relevant for management representatives. Therefore, the information security function has to provide relevant information in a way business understands. Furthermore, the demand for accurate and timely information about security compliance or key information risks is increasing.
Normally, senior management receives nowadays feedback regarding the information security status based on different heterogeneous ways like internal/external audit reports, self assessment reports, control assessment reports or specific system reporting.
SCM is a tool-based approach that correlates security information from different sources, assesses this information based on relevant controls, enriches the results with business context information, and provides meaningful views to stakeholders for making an informed decision.
The paper describes the methodology for security compliance monitoring as well as technical aspects like an overall architecture. In addition to describing each component in detail, the paper outlines a use case for a complex risk-based control example in the telecommunication industry and how SCM has been used to address this management issue.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Bundesamt für Sicherheit in der Informationstechnik (Federal Offi ce for Information Security, Germany): Leitfaden Informationssicherheit (Guideline Information Security), Bundesamt für Sicherheit in der Informationstechnik, Bonn, 2012
Dataloss.org: Data Loss Statistics, http://datalossdb.org/statistics,2013
Symantec: Internet Security Th reat Report, Symantec, Mountain View, 2013 http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Vogel, M., Broer, V. (2013). Security Compliance Monitoring – The next Evolution of Information Security Management?!. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-658-03371-2_16
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer ScienceComputer Science (R0)