You are here: silicon.com > Resources > White Papers > Security > Security Administration > Security Standards

Security Standards White Papers

The Simple Information Security Audit Process: SISAP

Tags:
security standards

Overview The SISAP (Simple Information Security Audit Process) is a dynamic security audit methodology fully compliant with the ISO 17799 and BS 7799.2, and conformant with the ISO 14508 in terms of its functionality guidelines. The SISAP employs a simulation-based rule base generator that balances risks and business value generation capabilities using the Plan-Do-Check-Act cycle imposed in BS 7799.2. The SISAP employs a concept proof approach based on 10 information security best practices investigation sections, 36 information security objectives, and 127 information security requirements, as specified in the ISO 17799. The auditor may apply, for collecting, analyzing, and fusing audit evidence obtained at various audit steps, selected analytical models like certainty factors, probabilities, fuzzy sets, and basic belief assignments.

Further White Paper Details
Publisher	Pace University	File Format	PDF
Date Published	June 2006
Format	White Papers
Topics	Security Standards, Security Management, Best Practices

Did you find this white paper useful? 8 out of 15 users found this white paper useful

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

Reducing Total Cost of Security Ownership

Publisher:
SonicWALL

Take a holistic approach to business-driven security

Publisher:
IBM

Symantec Control Compliance Suite (CCS) 9.0 Sneak Peek

Publisher:
Symantec

Extending PCI Compliance to the Mobile Workforce

Publisher:
Fiberlink Communications

The Value Proposition: the Y2K ransom theory

The mainframe systems that were the focus of the Y2K programme are now more valuable as century compliant systems and companies will be reluctant to write them off. At the level of the business unit that relies on that application someone had...

Channel:
Comment & Analysis

UK firms' security flaws an open door to hackers

High-risk vulnerabilities have dived to six per cent from 19 per cent in 2001, according to the Fifth Annual Security Audit from NTA Monitor, which analysed more than 600 of its perimeter tests carried out for government and financial clients last...

Channel:
Security Strategy

Software piracy - the BSA want to help you to be compliant

The excuses among non-compliant companies seem to be that there isn't enough time to be compliant or they lack the proper processes, rather than a deliberate fondness for knocked-off software. Being compliant can also cost less than letting...

Channel:
Compliance

Ohio University leaves 'backdoor' open for a year

How a server could be left open to intruders is still under investigation. Asked why, when so many academic institutions are succumbing to computer attacks, Ohio University wasn't quicker to order a security audit, Sams replied: "Should we have?

Give us more power, says data protection watchdog

The UK's data protection watchdog wants to be given more power to check companies are compliant with privacy laws. The commissioner also called for "privacy impact assessments" to make sure businesses tackle all the risks of new surveillance plans...

Channel:
Public Sector
Tags:
surveillance

HMRC's missing discs: Just a warning shot

Of course, we should not forget the government has just announced the Information Commissioner will be given the right to audit public bodies, which on any analysis is an improvement on the present position.

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Security Standards White Papers

The Simple Information Security Audit Process: SISAP

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific