
Towards data-driven decision support for organizational IT security audits

dc.contributor.author: Brunner, Michael
dc.contributor.author: Sillaber, Christian
dc.contributor.author: Demetz, Lukas
dc.contributor.author: Manhart, Markus
dc.contributor.author: Breu, Ruth
dc.date.accessioned: 2021-06-21T10:12:43Z
dc.date.available: 2021-06-21T10:12:43Z
dc.date.issued: 2018
dc.description.abstract: As the IT landscape of organizations increasingly needs to comply with various laws and regulations, organizations manage a plethora of security-related data and have to verify the adequacy and effectiveness of their security controls through internal and external audits. Existing Governance, Risk and Compliance (GRC) approaches provide little support for auditors or are tailored to the needs of auditors and do not fully support required management activities of the auditee. To address this gap and move towards a holistic solution, a data-driven approach is proposed. Following the design science research paradigm, a data-driven approach for audit data management and analytics that addresses organizational needs as well as requirements for audit data analytics was developed. We contribute workflow support and associated data models to support auditing and security decision making processes. The evaluation shows the viability of the proposed IT artifact and its potential to reduce costs and complexity of security management processes and IT security audits. By developing a model and associated decision support workflows for the entire IT security audit lifecycle, we present a solution for both the auditee and the auditor. This is useful to developers of GRC tools, vendors, auditors and organizational decision makers. [en]
dc.identifier.doi: 10.1515/itit-2018-0002
dc.identifier.pissn: 2196-7032
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/36616
dc.language.iso: en
dc.publisher: De Gruyter
dc.relation.ispartof: it - Information Technology: Vol. 60, No. 4
dc.subject: IT Security Audit Decision Support
dc.subject: Audit Data
dc.subject: Audit Data Workflow Management
dc.subject: IT Security Management Data
dc.title: Towards data-driven decision support for organizational IT security audits [en]
dc.type: Text/Journal Article
gi.citation.endPage: 217
gi.citation.publisherPlace: Berlin
gi.citation.startPage: 207
