Compliance with standards, assurance and audit: does this equal security?

Robert Anderson Keith Duncan, Mark Whittington

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

13 Citations (Scopus)
4 Downloads (Pure)

Abstract

Managing information security is a challenge. Traditional checklist approaches to meeting standards may well provide compliance, but do not guarantee to provide security assurance. The same might be said for audit. The complexity of IT relationships must be acknowledged and explicitly managed by recognising the implications of the self-interest of each party involved. We show how tensions between these parties can lead to a misalignment of the goals of security and what needs to be done to ensure this does not happen.
Original language: English
Title of host publication: Proceedings of the 7th International Conference on Security of Information and Networks
Place of Publication: New York
Publisher: ACM
Pages: 77-84
Number of pages: 8
ISBN (Print): 9781450330336
Publication status: Published - 11 Sep 2014
Event: The 7th International Conference on Security of Information and Networks - Western Infirmary Lecture Theatre, Glasgow University, Glasgow, United Kingdom
Duration: 9 Sep 2014 to 11 Sep 2014
http://www.sinconf.org/sin2014/

Conference

Conference: The 7th International Conference on Security of Information and Networks
Abbreviated title: SIN 2014
Country: United Kingdom
City: Glasgow
Period: 9/09/14 to 11/09/14
Keywords

  • standards
  • assurance
  • audit
  • security
  • compliance
  • checklists
