Compliance with standards, assurance and audit: does this equal security?

Robert Anderson Keith Duncan, Mark Whittington

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)
4 Downloads (Pure)

Abstract

Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
Original language: English
Title of host publication: Proceedings of the 7th International Conference on Security of Information and Networks
Place of publication: New York
Publisher: ACM
Pages: 77-84
Number of pages: 8
ISBN (Print): 9781450330336
DOIs: https://doi.org/10.1145/2659651.2659711
Publication status: Published - 11 Sep 2014
Event: The 7th International Conference on Security of Information and Networks - Western Infirmary Lecture Theatre, Glasgow University, Glasgow, United Kingdom
Duration: 9 Sep 2014 - 11 Sep 2014
Event website: http://www.sinconf.org/sin2014/

Conference

Conference: The 7th International Conference on Security of Information and Networks
Abbreviated title: SIN 2014
Country: United Kingdom
City: Glasgow
Period: 9/09/14 - 11/09/14
Internet address: http://www.sinconf.org/sin2014/

Keywords

  • standards
  • assurance
  • audit
  • security
  • compliance
  • checklists

Cite this

Duncan, R. A. K., & Whittington, M. (2014). Compliance with standards, assurance and audit: does this equal security? In Proceedings of the 7th International Conference on Security of Information and Networks (pp. 77-84). [173] New York: ACM. https://doi.org/10.1145/2659651.2659711
@inproceedings{1351497b82f1494db70b322debaf9f78,
title = "Compliance with standards, assurance and audit: does this equal security?",
abstract = "Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.",
keywords = "standards, assurance, audit, security, compliance, checklists",
author = "Duncan, {Robert Anderson Keith} and Mark Whittington",
year = "2014",
month = "9",
day = "11",
doi = "10.1145/2659651.2659711",
language = "English",
isbn = "9781450330336",
pages = "77--84",
booktitle = "Proceedings of the 7th International Conference on Security of Information and Networks",
publisher = "ACM",
}

TY  - GEN
T1  - Compliance with standards, assurance and audit: does this equal security?
AU  - Duncan, Robert Anderson Keith
AU  - Whittington, Mark
PY  - 2014/9/11
Y1  - 2014/9/11
N2  - Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
AB  - Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
KW  - standards
KW  - assurance
KW  - audit
KW  - security
KW  - compliance
KW  - checklists
U2  - 10.1145/2659651.2659711
DO  - 10.1145/2659651.2659711
M3  - Conference contribution
SN  - 9781450330336
SP  - 77
EP  - 84
BT  - Proceedings of the 7th International Conference on Security of Information and Networks
PB  - ACM
CY  - New York
ER  - 