Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-30377
Publication type: | Conference paper |
Type of review: | Peer review (publication) |
Title: | Towards automated information security governance |
Authors: | Trammell, Ariane; Gehring, Benjamin; Isele, Marco; Spielmann, Yvo; Zahnd, Valentin |
et al.: | No |
DOI: | 10.5220/0012357500003648; 10.21256/zhaw-30377 |
Proceedings: | Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP |
Page(s): | 120 |
Pages to: | 127 |
Conference details: | 10th International Conference on Information Systems Security and Privacy (ICISSP), Rome, Italy, 26-28 February 2024 |
Issue Date: | 2024 |
Publisher / Ed. Institution: | SciTePress |
ISBN: | 978-989-758-683-5 |
Language: | English |
Subjects: | Security management; Security control; Governance risk and compliance (GRC); Automation |
Subject (DDC): | 005: Computer programming, programs and data; 658: General Management |
Abstract: | Securing a company is not an easy task. Many organizations such as NIST, CIS, or ISO offer frameworks that offer comprehensive security measures. However, those frameworks are generally large and require expert knowledge to be tailored to a given organization. Since such experts are rare, we propose an automated solution that selects security controls and prioritizes them according to an organization's need. We performed initial steps towards the implementation of the proposed solution by evaluating how Natural Language Processing can be used to select security controls that are relevant for the assets of a company and by showing that we can prioritize the selected controls based on the current threat landscape. We expect the proposed solution to be a major benefit for all organizations that intend to improve their security posture but are limited in specialized personnel. |
URI: | https://digitalcollection.zhaw.ch/handle/11475/30377 |
Fulltext version: | Published version |
License (according to publishing contract): | CC BY-NC-ND 4.0: Attribution - Non commercial - No derivatives 4.0 International |
Department: | School of Engineering |
Organisational Unit: | Institute of Computer Science (InIT) |
Published as part of the ZHAW project: | Automated Information Security Governance and Risk Management |
Appears in collections: | Publikationen School of Engineering |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
2024_Trammell-etal_Towards-automated-information-security-governance.pdf | | 493.42 kB | Adobe PDF | View/Open |
Trammell, A., Gehring, B., Isele, M., Spielmann, Y., & Zahnd, V. (2024). Towards automated information security governance [Conference paper]. Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP, 120–127. https://doi.org/10.5220/0012357500003648