Automation Possibilities in Information Security Management

Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security manageme...

Full description

Saved in:
Bibliographic Details
Main Authors: Montesino, R., Fenz, S.
Format: Conference Proceeding
Language:English
Subjects:
Automation
Information security
ISO standards
Ontologies
Organizations
security management
Standards organizations
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 262
container_issue
container_start_page 259
container_title
container_volume
creator Montesino, R.
Fenz, S.
description Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.
doi_str_mv 10.1109/EISIC.2011.39
format conference_proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_6061245</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6061245</ieee_id><sourcerecordid>6061245</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-83299256979b074144b7c42f9d88c2c77dab8a8454119f7324b6f050d3be806d3</originalsourceid><addsrcrecordid>eNotj01Lw0AUAFdEUNscPXnJH0h8b_ftF55KqDVQsdDey26ykYUmkWR76L9Xsac5DAwMY08IJSLYl3W9r6uSA2Ip7A17BK2sJAKFtyyz2iBJrZEU4T3L5jl64EorRZw_sNfVOY29S3Ec8t34J-MpphjmPA55PXTjdJX70JynmC75hxvcV-jDkJbsrnOnOWRXLtjhbX2o3ovt56auVtsiWkiFEdxaLpXV1oMmJPK6Id7Z1piGN1q3zhtnSBKi7bTg5FUHElrhgwHVigV7_s_GEMLxe4q9my5H9bvHSYofQKlHTg</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Automation Possibilities in Information Security Management</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Montesino, R. ; Fenz, S.</creator><creatorcontrib>Montesino, R. ; Fenz, S.</creatorcontrib><description>Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.</description><identifier>ISBN: 9781457714641</identifier><identifier>ISBN: 1457714647</identifier><identifier>EISBN: 0769544061</identifier><identifier>EISBN: 9780769544069</identifier><identifier>DOI: 10.1109/EISIC.2011.39</identifier><language>eng</language><publisher>IEEE</publisher><subject>Automation ; Information security ; ISO standards ; Ontologies ; Organizations ; security management ; Standards organizations</subject><ispartof>2011 European Intelligence and Security Informatics Conference, 2011, p.259-262</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6061245$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,27925,54920</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6061245$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Montesino, R.</creatorcontrib><creatorcontrib>Fenz, S.</creatorcontrib><title>Automation Possibilities in Information Security Management</title><title>2011 European Intelligence and Security Informatics Conference</title><addtitle>eisic</addtitle><description>Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.</description><subject>Automation</subject><subject>Information security</subject><subject>ISO standards</subject><subject>Ontologies</subject><subject>Organizations</subject><subject>security management</subject><subject>Standards organizations</subject><isbn>9781457714641</isbn><isbn>1457714647</isbn><isbn>0769544061</isbn><isbn>9780769544069</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2011</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNotj01Lw0AUAFdEUNscPXnJH0h8b_ftF55KqDVQsdDey26ykYUmkWR76L9Xsac5DAwMY08IJSLYl3W9r6uSA2Ip7A17BK2sJAKFtyyz2iBJrZEU4T3L5jl64EorRZw_sNfVOY29S3Ec8t34J-MpphjmPA55PXTjdJX70JynmC75hxvcV-jDkJbsrnOnOWRXLtjhbX2o3ovt56auVtsiWkiFEdxaLpXV1oMmJPK6Id7Z1piGN1q3zhtnSBKi7bTg5FUHElrhgwHVigV7_s_GEMLxe4q9my5H9bvHSYofQKlHTg</recordid><startdate>201109</startdate><enddate>201109</enddate><creator>Montesino, R.</creator><creator>Fenz, S.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201109</creationdate><title>Automation Possibilities in Information Security Management</title><author>Montesino, R. ; Fenz, S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-83299256979b074144b7c42f9d88c2c77dab8a8454119f7324b6f050d3be806d3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Automation</topic><topic>Information security</topic><topic>ISO standards</topic><topic>Ontologies</topic><topic>Organizations</topic><topic>security management</topic><topic>Standards organizations</topic><toplevel>online_resources</toplevel><creatorcontrib>Montesino, R.</creatorcontrib><creatorcontrib>Fenz, S.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Montesino, R.</au><au>Fenz, S.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Automation Possibilities in Information Security Management</atitle><btitle>2011 European Intelligence and Security Informatics Conference</btitle><stitle>eisic</stitle><date>2011-09</date><risdate>2011</risdate><spage>259</spage><epage>262</epage><pages>259-262</pages><isbn>9781457714641</isbn><isbn>1457714647</isbn><eisbn>0769544061</eisbn><eisbn>9780769544069</eisbn><abstract>Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.</abstract><pub>IEEE</pub><doi>10.1109/EISIC.2011.39</doi><tpages>4</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 9781457714641
ispartof 2011 European Intelligence and Security Informatics Conference, 2011, p.259-262
issn
language eng
recordid cdi_ieee_primary_6061245
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Automation
Information security
ISO standards
Ontologies
Organizations
security management
Standards organizations
title Automation Possibilities in Information Security Management
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T18%3A50%3A42IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Automation%20Possibilities%20in%20Information%20Security%20Management&rft.btitle=2011%20European%20Intelligence%20and%20Security%20Informatics%20Conference&rft.au=Montesino,%20R.&rft.date=2011-09&rft.spage=259&rft.epage=262&rft.pages=259-262&rft.isbn=9781457714641&rft.isbn_list=1457714647&rft_id=info:doi/10.1109/EISIC.2011.39&rft.eisbn=0769544061&rft.eisbn_list=9780769544069&rft_dat=%3Cieee_6IE%3E6061245%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i90t-83299256979b074144b7c42f9d88c2c77dab8a8454119f7324b6f050d3be806d3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6061245&rfr_iscdi=true