
Security Compliance Monitoring – The next Evolution of Information Security Management?!

Chapter in: ISSE 2013 Securing Electronic Business Processes

Abstract

The status of information security is becoming increasingly relevant for management representatives. The information security function therefore has to provide relevant information in a way the business understands. At the same time, the demand for accurate and timely information about security compliance and key information risks is growing.

Today, senior management typically receives feedback on the information security status through heterogeneous channels such as internal and external audit reports, self-assessment reports, control assessment reports, or system-specific reporting.

Security compliance monitoring (SCM) is a tool-based approach that correlates security information from different sources, assesses this information against relevant controls, enriches the results with business context information, and provides meaningful views to stakeholders so that they can make informed decisions.

The paper describes the methodology for security compliance monitoring as well as technical aspects such as the overall architecture. In addition to describing each component in detail, the paper outlines a use case for a complex, risk-based control in the telecommunication industry and shows how SCM has been used to address this management issue.
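The abstract names four processing steps (correlate, assess against controls, enrich with business context, present a view). As an added illustration, and not the authors' implementation or any tool described in the paper, the following Python sketch runs those four steps end to end over constructed data: three made-up source feeds (a scanner, a configuration audit, a self-assessment), an assumed control catalogue with weights, and an assumed asset inventory that supplies owner and criticality. One design point worth noticing: a control with no evidence from any source is reported as failed rather than silently passed, because "unverified" is not the same as "compliant".

```python
"""Toy security compliance monitoring (SCM) pipeline.

Added illustration, not the authors' implementation: it walks through the
four steps the abstract names (correlate, assess, enrich, present). All
assets, feeds, controls and findings below are constructed sample data.
"""
from collections import defaultdict

# Constructed business context (an assumed CMDB extract): owner, criticality 1..3, process.
ASSETS = {
    "billing-db-01": {"owner": "Finance IT", "criticality": 3, "process": "Invoicing"},
    "web-portal-02": {"owner": "Digital", "criticality": 2, "process": "Customer self-service"},
    "test-box-07": {"owner": "QA", "criticality": 1, "process": "Testing"},
}

# Constructed findings as three heterogeneous sources would report them.
SOURCE_FEEDS = {
    "vuln_scanner": [
        {"asset": "billing-db-01", "check": "patch_age_days", "value": 120},
        {"asset": "web-portal-02", "check": "patch_age_days", "value": 12},
        {"asset": "test-box-07", "check": "patch_age_days", "value": 400},
    ],
    "config_audit": [
        {"asset": "billing-db-01", "check": "admin_mfa", "value": False},
        {"asset": "web-portal-02", "check": "admin_mfa", "value": True},
        # note: no admin_mfa evidence at all for test-box-07
    ],
    "self_assessment": [
        {"asset": "billing-db-01", "check": "backup_tested", "value": True},
        {"asset": "web-portal-02", "check": "backup_tested", "value": False},
        {"asset": "test-box-07", "check": "backup_tested", "value": False},
    ],
}

# Assumed control catalogue: each check has a pass predicate and a weight.
CONTROLS = {
    "patch_age_days": {"name": "Patches applied within 30 days", "ok": lambda v: v <= 30, "weight": 3},
    "admin_mfa": {"name": "MFA enforced for admin accounts", "ok": lambda v: v is True, "weight": 4},
    "backup_tested": {"name": "Backup restore tested this quarter", "ok": lambda v: v is True, "weight": 2},
}


def correlate(feeds):
    """Step 1: merge findings from all sources, keyed by asset and then by check."""
    per_asset = defaultdict(dict)
    for source, findings in feeds.items():
        for f in findings:
            per_asset[f["asset"]][f["check"]] = {"value": f["value"], "source": source}
    return per_asset


def assess(per_asset, controls):
    """Step 2: evaluate every control for every asset.
    Missing evidence counts as a failure: an unverified control is not a compliant one."""
    results = {}
    for asset, checks in per_asset.items():
        results[asset] = {}
        for check_id, ctl in controls.items():
            ev = checks.get(check_id)
            passed = ev is not None and ctl["ok"](ev["value"])
            results[asset][check_id] = {"passed": passed, "source": ev["source"] if ev else None}
    return results


def enrich(results, assets, controls):
    """Step 3: attach owner/process and score risk as sum(weight * criticality) over failed controls."""
    view = []
    for asset, ctl_results in results.items():
        ctx = assets.get(asset, {"owner": "unknown", "criticality": 1, "process": "unknown"})
        failed = [cid for cid, r in ctl_results.items() if not r["passed"]]
        score = sum(controls[cid]["weight"] * ctx["criticality"] for cid in failed)
        view.append({"asset": asset, "owner": ctx["owner"], "process": ctx["process"],
                     "failed_controls": [controls[c]["name"] for c in failed],
                     "risk_score": score})
    return view


def management_view(feeds=SOURCE_FEEDS, assets=ASSETS, controls=CONTROLS):
    """Step 4: the ranked view a stakeholder sees, highest risk first."""
    rows = enrich(assess(correlate(feeds), controls), assets, controls)
    return sorted(rows, key=lambda row: row["risk_score"], reverse=True)


if __name__ == "__main__":
    for row in management_view():
        print(f"{row['asset']:14} {row['owner']:11} risk={row['risk_score']:3}  failed: {row['failed_controls']}")
```

With the sample data, the billing database ranks first (a missed patch window and no admin MFA on a criticality-3 asset), while the test box, which has the most failed controls, ranks below it because its business criticality is low; that reordering by context is the point of the enrichment step.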




Copyright information

© 2013 Springer Fachmedien Wiesbaden

Cite this chapter

Vogel, M., Broer, V. (2013). Security Compliance Monitoring – The next Evolution of Information Security Management?!. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_16


  • DOI: https://doi.org/10.1007/978-3-658-03371-2_16

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-03370-5

  • Online ISBN: 978-3-658-03371-2
