Abstract

In recent years, the complexity and scale of compliance requirements have grown significantly due to globalization as well as the maturing of different fields and regulations. However, a gap remains between compliance management tools and security management tools: the latter cannot be linked directly to the former because their focus and terminology differ greatly. The task of mapping security implementations to compliance requirements, which would allow compliance monitoring and management, is therefore performed manually and repeatedly across multiple standards, regulations, and organizations. This process is highly inefficient and costly, and it does not allow management to determine compliance levels and gaps in a continuous and automated manner. In this paper, we present an approach that combines ontology mapping, natural language processing, the secure systems development lifecycle, and heuristics to map security controls and activities to compliance documents such as standards and regulations. The approach supports continuous compliance management and monitoring and reduces the effort needed to comply with multiple standards, since conceptual mapping between standards and requirements allows mappings to be reused. Practices from the secure systems development life cycle, such as unit testing and continuous integration, are also incorporated to keep the automation process flexible while using it to support the mapping between compliance requirements.
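The abstract describes the pipeline only at a high level: an ontology bridges the vocabulary of security controls and compliance text, a similarity heuristic links controls to requirements and requirements across standards, and unit-test style checks guard the automated mapping against regressions. The following Python script is an added illustration of that pipeline and is not code from the paper or its authors. The ontology (four concepts with word stems), the two standards `STD-A` and `STD-B`, the requirement texts and the three controls are all constructed for the example; prefix matching on stems stands in for the natural language processing layer, Jaccard similarity over concept sets stands in for the heuristic, and the threshold of 0.5 is an arbitrary choice.

```python
import re
from itertools import combinations

# Constructed mini-ontology (hypothetical): concept -> word stems. A token is tagged
# with a concept when it starts with one of the stems; this crude prefix matching
# plays the role of the NLP/ontology layer that normalises vocabulary across documents.
ONTOLOGY = {
    "access_control": ("access", "authent", "authoriz", "privileg", "account"),
    "encryption": ("encrypt", "cryptograph", "key", "tls"),
    "logging": ("log", "audit", "monitor", "event", "siem"),
    "backup": ("backup", "recover", "restor"),
}

# Constructed requirements: (id, standard, text). Ids and texts are made up.
REQUIREMENTS = [
    ("STD-A-1", "STD-A", "Restrict access to cardholder data by business need to know; "
                         "enforce authorization for every user account."),
    ("STD-A-2", "STD-A", "Encrypt transmission of sensitive data across open, public "
                         "networks using strong cryptography."),
    ("STD-A-3", "STD-A", "Track and monitor all access to network resources; retain "
                         "audit logs for at least one year."),
    ("STD-B-1", "STD-B", "Information shall be protected in transit by cryptographic "
                         "controls; encryption keys shall be managed."),
    ("STD-B-2", "STD-B", "Event logs recording user activities and security events shall "
                         "be produced, kept and regularly reviewed."),
    ("STD-B-3", "STD-B", "Backup copies of information shall be taken and tested "
                         "regularly; recovery procedures shall be documented."),
]

# Constructed security controls as an organisation might record them: (id, text).
CONTROLS = [
    ("CTL-IAM", "Role-based access control with mandatory authentication; privileged "
                "accounts reviewed quarterly."),
    ("CTL-TLS", "TLS 1.2+ enforced for all external connections; encryption keys "
                "rotated annually."),
    ("CTL-SIEM", "Central SIEM collects audit logs from all systems and alerts on "
                 "anomalous access events."),
]


def concepts_for(text):
    """Tag free text with ontology concepts via stem-prefix matching on its tokens."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {c for c, stems in ONTOLOGY.items() if any(t.startswith(stems) for t in tokens)}


def jaccard(a, b):
    """Similarity heuristic between two concept sets."""
    return len(a & b) / len(a | b) if a | b else 0.0


def map_controls(threshold=0.5):
    """Return {requirement_id: [(control_id, score), ...]} ranked by similarity."""
    mapping = {}
    for rid, _std, rtext in REQUIREMENTS:
        rc = concepts_for(rtext)
        hits = [(cid, round(jaccard(rc, concepts_for(ctext)), 2)) for cid, ctext in CONTROLS]
        mapping[rid] = sorted([h for h in hits if h[1] >= threshold], key=lambda h: -h[1])
    return mapping


def cross_standard_equivalents(threshold=0.5):
    """Requirement pairs from different standards that share concepts, so one control
    set (and one piece of evidence) can be reused for both."""
    pairs = []
    for (ra, sa, ta), (rb, sb, tb) in combinations(REQUIREMENTS, 2):
        if sa == sb:
            continue
        s = jaccard(concepts_for(ta), concepts_for(tb))
        if s >= threshold:
            pairs.append((ra, rb, round(s, 2)))
    return pairs


def coverage_report(mapping):
    """Per standard, the fraction of requirements whose concepts are fully covered by
    the controls mapped to them, plus the list of uncovered requirements (gaps)."""
    control_text = dict(CONTROLS)
    tally, gaps = {}, []
    for rid, std, rtext in REQUIREMENTS:
        needed = concepts_for(rtext)
        covered = set().union(*(concepts_for(control_text[cid]) for cid, _ in mapping.get(rid, [])))
        ok = needed <= covered
        total, hit = tally.get(std, (0, 0))
        tally[std] = (total + 1, hit + int(ok))
        if not ok:
            gaps.append(rid)
    return {std: hit / total for std, (total, hit) in tally.items()}, gaps


def regression_check(mapping, expected):
    """Unit-test style guard for the automated mapping: requirement ids whose top-ranked
    control differs from the reviewed expectation (a CI job would fail on a non-empty list)."""
    return [rid for rid, cid in expected.items()
            if not mapping.get(rid) or mapping[rid][0][0] != cid]


if __name__ == "__main__":
    mapping = map_controls()
    for rid, hits in mapping.items():
        print(rid, "->", hits or "GAP")
    print("reusable across standards:", cross_standard_equivalents())
    coverage, gaps = coverage_report(mapping)
    print("coverage:", coverage, "gaps:", gaps)
    print("regressions:", regression_check(mapping, {"STD-A-2": "CTL-TLS", "STD-B-3": "CTL-BKP"}))
```

Running the script links each constructed requirement to the controls that share its concepts, reports that the two encryption requirements of `STD-A` and `STD-B` are conceptually equivalent (so evidence for one satisfies the other), and flags `STD-B-3` as a gap because no control carries the backup concept. The `regression_check` call shows the unit-testing idea: the expected mapping is reviewed once, and any later ontology or heuristic change that alters a top-ranked control surfaces as a failed check rather than a silent drift in the compliance picture.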
