The status of information security is becoming more and more relevant to management representatives. The information security function therefore has to provide relevant information in a way the business understands. Furthermore, demand for accurate and timely information about security compliance and key information risks is increasing.
Today, senior management typically receives feedback on the information security status through heterogeneous channels such as internal/external audit reports, self-assessment reports, control assessment reports, or specific system reporting.
Security Compliance Monitoring (SCM) is a tool-based approach that correlates security information from different sources, assesses this information against relevant controls, enriches the results with business context information, and provides meaningful views to stakeholders so that they can make informed decisions.
The paper describes the methodology for security compliance monitoring as well as technical aspects such as the overall architecture. In addition to describing each component in detail, the paper outlines a use case for a complex risk-based control example in the telecommunications industry and how SCM has been used to address this management issue.
- Security Compliance Monitoring – The next Evolution of Information Security Management?!
- Copyright Year
- Springer Fachmedien Wiesbaden