Towards compliance management automation thru ontology mapping of requirements to activities and controls
In recent years, the complexity and scale of compliance requirements has grown significantly due to globalization as well as maturing of different fields and regulations. However, there remains a gap between compliance management tools and security management tools whereby the later cannot be direct...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Published: |
Animo Repository
2019
|
| Subjects: | |
| Online Access: | https://animorepository.dlsu.edu.ph/faculty_research/2870 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | De La Salle University |
| id |
oai:animorepository.dlsu.edu.ph:faculty_research-3869 |
|---|---|
| record_format |
eprints |
| spelling |
oai:animorepository.dlsu.edu.ph:faculty_research-38692021-11-15T03:37:44Z Towards compliance management automation thru ontology mapping of requirements to activities and controls Cheng, Danny C. Villamarin, Jod B. Cu, Gregory Cheng, Nathalie Rose Lim- In recent years, the complexity and scale of compliance requirements has grown significantly due to globalization as well as maturing of different fields and regulations. However, there remains a gap between compliance management tools and security management tools whereby the later cannot be directly linked to the former as the focus and terminologies used are very different. The tasks of mapping security implementations to compliance requirements that will allow compliance monitoring and management is therefore performed manually and repeatedly across multiple standards, regulations, and organizations. This process is highly inefficient, costly, and does not allow for management to determine compliance levels and gaps in a continuous and automated manner. In this paper, we present an approach that combines ontology mapping, natural language processing, secure systems development lifecycle, and heuristics to allow for mapping of security controls and activities to compliance documents such as standards and regulations to focus on compliance and support continuous compliance management and monitoring as well as reduce the compliance efforts needed in multiple standards compliance by allowing reusability via conceptual mapping of multiple standards and requirements. Practices such as unit testing and continuous integration from secure systems development life cycle are also incorporated to allow for flexibility of the automation process while at the same time using it to support the mapping between compliance requirements. © 2018 IEEE. 2019-01-25T08:00:00Z text https://animorepository.dlsu.edu.ph/faculty_research/2870 Faculty Research Work Animo Repository Compliance auditing--Automation Compliance Natural language processing (Computer science) Computer Sciences |
| institution |
De La Salle University |
| building |
De La Salle University Library |
| continent |
Asia |
| country |
Philippines Philippines |
| content_provider |
De La Salle University Library |
| collection |
DLSU Institutional Repository |
| topic |
Compliance auditing--Automation Compliance Natural language processing (Computer science) Computer Sciences |
| spellingShingle |
Compliance auditing--Automation Compliance Natural language processing (Computer science) Computer Sciences Cheng, Danny C. Villamarin, Jod B. Cu, Gregory Cheng, Nathalie Rose Lim- Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| description |
In recent years, the complexity and scale of compliance requirements has grown significantly due to globalization as well as maturing of different fields and regulations. However, there remains a gap between compliance management tools and security management tools whereby the later cannot be directly linked to the former as the focus and terminologies used are very different. The tasks of mapping security implementations to compliance requirements that will allow compliance monitoring and management is therefore performed manually and repeatedly across multiple standards, regulations, and organizations. This process is highly inefficient, costly, and does not allow for management to determine compliance levels and gaps in a continuous and automated manner. In this paper, we present an approach that combines ontology mapping, natural language processing, secure systems development lifecycle, and heuristics to allow for mapping of security controls and activities to compliance documents such as standards and regulations to focus on compliance and support continuous compliance management and monitoring as well as reduce the compliance efforts needed in multiple standards compliance by allowing reusability via conceptual mapping of multiple standards and requirements. Practices such as unit testing and continuous integration from secure systems development life cycle are also incorporated to allow for flexibility of the automation process while at the same time using it to support the mapping between compliance requirements. © 2018 IEEE. |
| format |
text |
| author |
Cheng, Danny C. Villamarin, Jod B. Cu, Gregory Cheng, Nathalie Rose Lim- |
| author_facet |
Cheng, Danny C. Villamarin, Jod B. Cu, Gregory Cheng, Nathalie Rose Lim- |
| author_sort |
Cheng, Danny C. |
| title |
Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| title_short |
Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| title_full |
Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| title_fullStr |
Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| title_full_unstemmed |
Towards compliance management automation thru ontology mapping of requirements to activities and controls |
| title_sort |
towards compliance management automation thru ontology mapping of requirements to activities and controls |
| publisher |
Animo Repository |
| publishDate |
2019 |
| url |
https://animorepository.dlsu.edu.ph/faculty_research/2870 |
| _version_ |
1718382665099378688 |