Talks and Poster Presentations (with Proceedings-Entry):
R. Montesino, S. Fenz:
"Information security automation: how far can we go?";
Talk: Sixth International Conference on Availability, Reliability, and Security (ARES 2011),
- 2011-08-26; in: "Proceedings of the Sixth International Conference on Availability, Reliability, and Security (ARES 2011)",
Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how many controls can be automated, based on the standards ISO 27001 and NIST SP800-53. Furthermore, we take the automation potential of controls included in the Consensus Audit Guidelines into account. Finally, we provide an overview of security applications that support automation in the operation of information security controls to increase the efficiency of information security management.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Created from the Publication Database of the Vienna University of Technology.