Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first, the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a process-oriented governance and compliance maturity model (GoCoMM). As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model.