A methodology for continuous computer security auditing
Title: A methodology for continuous computer security auditing
Authors: Urko Zurutuza, Roberto Uribeetxeberria, Jesús Lizarraga, and Iñaki Velez de Mendizabal
Date: July 2004
Area: Security
Topic: Evaluation and Auditing Mechanisms
Abstract: This paper presents an approach to a methodology for continuous computer security auditing. It consists of measuring and controlling the security level of any organisation as a continuous process. This process establishes a method that permits organisations to control and monitor the security level in real time, so that they can take the appropriate countermeasures if a deviation occurs. The ability to measure the current state of security is essential to continue improving the safeguarding of our information. This allows a proactive position regarding security issues, as one can be aware of the level acquired as well as the level required. The paper gives a brief overview of security metrics, discusses how the metrics are obtained and provides an example of carrying out a continuous audit.
Reference:
BibTeX:
@INPROCEEDINGS{zur04b,
  author = {Urko Zurutuza and Roberto Uribeetxeberria and Jes\'us Lizarraga and Iñaki Velez de Mendizabal},
  title = {A methodology for continuous computer security auditing},
  booktitle = {In Proceedings of the IADIS International Conference e-Society 2004},
  year = {2004},
  address = {\'Avila, Spain},
  month = {July}
}