Proposed Security Framework To Manage And Audit Security At The Border

The speed and accessibility that data and communication technologies bring to operations, especially the Internet and the latest Internet-enabled receptions, have led border security agencies to become heavily reliant on the functionality of their security auditing systems. At the same time, the development of wireless communication and the rapid development and availability of new services that ease accessibility, such as the latest cloud computing services, have been gaining currency not just with border security agencies but with general users as well. Although these breakthroughs provide a preferable service with a promising technological drive that is neither expensive nor exorbitant, they also bring a set of new and unpredictable risks. As a result, new types of security protection become significantly important, and existing security audit processes may need to be reviewed. One tactic is to conduct regular security audits, to assess the functionality of the security management and examine whether the existing security procedures need to be reviewed. A security audit is performed to evaluate the efficiency of an organization's capability to safeguard its invaluable or critical assets. The approach investigated here is to enhance security management via a conceptual framework designed to help organizations categorise attacks, identify assets and curb their weaknesses and threats. The proposed framework is based on a conceptual model able to represent the semantic concepts, and their relationships, in the domain of data security, defined according to the standards created by ISO/IEC_JTC1.

The creation of the ISO/IEC_JTC1 standards enhanced the standardization of the semantic concepts defined in the domain of data security. Correctly understanding and recognising those concepts is an inherent requirement for properly assessing the efficacy of a security audit, for detecting and classifying a security incident that has occurred, and for estimating its effects. The proposed conceptual framework aims to help the organization, first, to ascertain meticulously what should be safeguarded (the assets) and the weaknesses (vulnerabilities) involved in their daily activity; second, to evaluate which weaknesses can be taken advantage of by an attack, as well as the threats that might give rise to an attack; and lastly, to assess the effectiveness and efficiency of the regulations and controls put in place, in order to determine whether they are heading in the right direction or need any correction.

Furthermore, the auditor can choose the phenomenon from which he/she decides to begin the auditing procedure and then proceed to the directly related phenomena. Each phenomenon contains a list of elements that are connected to the other phenomena, corroborating the hierarchical structure of the semantic phenomena defined. These concepts were included in the front end of the framework, rather than the others, due to the inherent nature of the audit operation that the auditor chooses to conduct. In previous years, a security audit was performed once an incident had occurred (reactively, followed by a corrective audit), that is, when there was an attack on an asset. In this case, an audit is demanded in order to ascertain the origin of the attack and how the occurrence happened, proceeding with the necessary corrective mechanisms. However, a security audit is not only about examining security break-ins, but also about curbing identified threats, in order to ascertain: (1) the security compliance; (2) the security of critical assets; (3) that the right controls are in the right place. In this last view, a security audit is conducted in the context of the security risk management process and aims to establish or assess a security regulation. Built on the major phenomena and their relationships, as defined by an ontology, the proposed framework helps organizations to comprehend, prepare for and conduct security audits by themselves. This framework does not concentrate solely on technical controls involved with information security, but also requires processes and practices that help organizations sustain consistently high levels of usable, good-quality data concerning their security auditing systems. Within the ontology, each phenomenon is mapped to genuine subjects. For instance, a malevolent code attack is linked to the impacted assets, the weakness it exploits, and the security properties that have been compromised. Despite the enormous amount of data available to complete a basic ontology, it can be accepted that each organization will establish its own view of security awareness.

In this respect the framework is modular, allowing the ontology to evolve by adding the significant subjects. In this manner, the auditor may proceed via the analysis of the significant weaknesses in the assets that can compromise the security of the border, or the auditor may proceed with the examination of the latest threats that might give rise to an attack. In addition, the proposed framework includes the typical functions of tools of this kind, such as the ability for the auditor to produce a report of all procedures conducted, together with the registration date of the audit. According to the results of the analysis, the auditor can also schedule the next audit. Moreover, if during the analysis the auditor identifies a new occurrence, i.e. an attack that is not present in the list of attacks, the auditor should report this new attack with its characteristics; it will then be confirmed by the administrator of the framework, who will index the attack in the list of attacks. The process is similar if the auditor decides to perform the audit via the analysis of the assets or threats and, during the procedure, identifies a new weakness in an asset or a new threat.
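The ontology mapping and the report-then-confirm workflow described above can be sketched as follows. This is an added example, not code from the framework itself: the class, the relation names and the sample subjects are assumptions constructed for illustration.

```python
from collections import deque

class AuditOntology:
    def __init__(self, kinds, triples):
        self.kinds = dict(kinds)        # subject name -> concept kind
        self.triples = list(triples)    # (source, relation, target)
        self.pending = {}               # attacks reported, not yet confirmed

    def related(self, name):
        """Subjects directly linked to `name`, in either direction."""
        out = [t for s, _, t in self.triples if s == name]
        out += [s for s, _, t in self.triples if t == name]
        return sorted(set(out))

    def walk(self, start):
        """Breadth-first audit path; the auditor may start from any subject."""
        seen, queue = [start], deque([start])
        while queue:
            for nxt in self.related(queue.popleft()):
                if nxt not in seen:
                    seen.append(nxt)
                    queue.append(nxt)
        return [(self.kinds[n], n) for n in seen]

    def unmitigated(self):
        """Vulnerabilities that an attack exploits and no control mitigates."""
        exploited = {t for _, r, t in self.triples if r == "exploits"}
        covered = {t for _, r, t in self.triples if r == "mitigates"}
        return sorted(exploited - covered)

    def report_attack(self, name, links):
        """Auditor reports a new attack; it is held until confirmed."""
        self.pending[name] = list(links)

    def confirm_attack(self, name):
        """Administrator confirms a reported attack and indexes it."""
        links = self.pending[name]
        if any(t not in self.kinds for _, t in links):
            raise KeyError("link to a subject not in the ontology")
        self.triples += [(name, r, t) for r, t in self.pending.pop(name)]
        self.kinds[name] = "attack"

# Constructed sample data (assumed names, not taken from the page).
KINDS = {"e-gate": "asset", "unpatched-os": "vulnerability", "insider": "threat",
         "weak-reader": "vulnerability", "malware": "attack",
         "integrity": "security property", "patch-policy": "control"}
TRIPLES = [("malware", "affects", "e-gate"), ("malware", "exploits", "unpatched-os"),
           ("malware", "compromises", "integrity"), ("insider", "gives_rise_to", "malware"),
           ("weak-reader", "weakness_of", "e-gate"), ("patch-policy", "mitigates", "unpatched-os")]
```

Starting `walk` from an asset, a threat or an attack reaches the same connected subjects in a different order, and `unmitigated` only changes once the administrator has confirmed a reported attack.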

Points to discuss:

How should a regular security audit be conducted?

Learners are expected to highlight how regular security audits should be performed: not only as a reactive response to an incident that has occurred, but also as proactive audits to assess whether the security controls and procedures adopted by an organization are adequate to protect its valued and critical assets. To deepen their understanding of the concept, learners can further state that permanent study of attacks, threats and the assets' vulnerabilities in an information system is essential, due to their continued evolution and their significant impact on an organization.

What is the implementation of a conceptual model to support the auditor to understand business requirements in managing security?

In this case, learners are to enumerate what implementing a conceptual model involves in supporting the auditor to understand the business requirements of managing the security of an organization, which are: properly identify the valued or critical assets; properly identify the vulnerabilities of assets; identify and mitigate potential threats; evaluate the risks; evaluate the efficiency and effectiveness of the security policies and safeguards defined; and, on that basis, analyze and implement the necessary adjustments to the security policy adopted.

To what extent has the solution realised introduced a new perspective to model security audit?

Learners should gain more from the discussion of this point, as the solution introduces a new perspective for modelling security audits in the security domain, since it is based on a conceptual model capable of richly describing multiple security resources within an organization. Furthermore, learners should engage proactively in this discussion by adding the point that it enables an organization to evolve its own instantiation of the security ontology, obeying standard concepts but embedding its own view and assuming the risk of exposition.

(C) Copy Rights Reserved, Alan Elangovan - LPS Academy