2013 | OriginalPaper | Chapter

Security Compliance Monitoring – The next Evolution of Information Security Management?!

Authors: Marko Vogel, Vinzent Broer

Published in: ISSE 2013 Securing Electronic Business Processes

Publisher: Springer Fachmedien Wiesbaden



The status of information security is becoming more and more relevant for management representatives. Therefore, the information security function has to provide relevant information in a way the business understands. Furthermore, the demand for accurate and timely information about security compliance or key information risks is increasing.
Today, senior management normally receives feedback on the information security status through different, heterogeneous channels such as internal/external audit reports, self-assessment reports, control assessment reports or specific system reporting.
Security Compliance Monitoring (SCM) is a tool-based approach that correlates security information from different sources, assesses this information based on relevant controls, enriches the results with business context information, and provides meaningful views to stakeholders so that they can make an informed decision.
The paper describes the methodology for security compliance monitoring as well as technical aspects like an overall architecture. In addition to describing each component in detail, the paper outlines a use case for a complex risk-based control example in the telecommunication industry and how SCM has been used to address this management issue.