Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provi- sions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increase of system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.

An Analytical Processing Approach to Supporting Cyber-Security Compliance Assessment

FURFARO, Angelo;GARRO, Alfredo;Tundis A.
2015

Abstract

Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provi- sions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increase of system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.
978-1-4503-3453-2
Management of Computing and Information Systems; Security and Protection; Electronic Commerce
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.11770/180217
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? ND
social impact