F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis
{"title":"An analytical processing approach to supporting cyber security compliance assessment","authors":"F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis","doi":"10.1145/2799979.2800007","DOIUrl":null,"url":null,"abstract":"Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2800007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
