ZDNet UK



The Simple Information Security Audit Process: SISAP



Publisher: Pace University
Publisher Registration: N/A
Topics: Security Standards, Security Management, Best Practices
Date added: 01 Jun 2006
Downloads: 65
Format: 152.1KB PDF

The SISAP (Simple Information Security Audit Process) is a dynamic security audit methodology fully compliant with the ISO 17799 and BS 7799.2, and conformant with the ISO 14508 in terms of its functionality guidelines. The SISAP employs a simulation-based rule base generator that balances risks and business value generation capabilities using the Plan-Do-Check-Act cycle imposed in BS 7799.2. The SISAP employs a concept proof approach based on 10 information security best practices investigation sections, 36 information security objectives, and 127 information security requirements, as specified in the ISO 17799. To collect, analyze, and fuse audit evidence obtained at various audit steps, the auditor may apply selected analytical models such as certainty factors, probabilities, fuzzy sets, and basic belief assignments.
