GoCoMM: a governance and compliance maturity model

Authors:
Gabriela Gheorghe;Fabio Massacci;Stephan Neuhaus;Alexander Pretschner
Affiliations:
University of Trento, Trento, Italy;University of Trento, Trento, Italy;University of Trento, Trento, Italy;Fraunhofer IESE and TU Kaiserslautern, Kaiserslautern, Germany
Venue:
Proceedings of the first ACM workshop on Information security governance
Year:
2009

Citing 15
Cited 0

Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Modelling Inter-organizational Workflow Security in a Peer-to-Peer Environment

ICWS '05 Proceedings of the IEEE International Conference on Web Services
A framework for concrete reputation-systems with applications to history-based access control

Proceedings of the 12th ACM conference on Computer and communications security
Computability classes for enforcement mechanisms

ACM Transactions on Programming Languages and Systems (TOPLAS)
Mining metrics to predict component failures

Proceedings of the 28th international conference on Software engineering
On the Brittleness of Software and the Infeasibility of Security Metrics

IEEE Security and Privacy
Requirements engineering for trust management: model, methodology, and reasoning

International Journal of Information Security
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
From Trust to Dependability through Risk Analysis

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
The new school of information security

The new school of information security
IT Control Objectives for Basel II - The Importance of Governance and Risk Management for Compliance

IT Control Objectives for Basel II - The Importance of Governance and Risk Management for Compliance
A policy language for distributed usage control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a governance and compliance maturity model (GoCoMM) that is process-oriented. As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model.