Details
Original language | English |
---|---|
Title of host publication | ARES 2010 |
Subtitle | 5th International Conference on Availability, Reliability, and Security |
Pages | 468-474 |
Number of pages | 7 |
Publication status | Published - 2010 |
Event | 5th International Conference on Availability, Reliability, and Security, ARES 2010 - Krakow, Poland. Duration: 15 Feb. 2010 → 18 Feb. 2010 |
Abstract
Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by the incorporation of control activities into business processes. But the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task. However, the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.
ASJC Scopus subject areas
- Computer Science (all)
- Computational Theory and Mathematics
- Engineering (all)
- Safety, Risk, Reliability and Quality
Cite this
ARES 2010: 5th International Conference on Availability, Reliability, and Security. 2010. pp. 468-474 5438054.
Publication: Chapter in book/report/conference proceeding › Conference contribution › Research › Peer-reviewed
TY - GEN
T1 - Application and economic implications of an automated requirement-oriented and standard-based compliance monitoring and reporting prototype
AU - Kehlenbeck, Matthias
AU - Sandner, Thorben
AU - Breitner, Michael H.
N1 - Copyright: Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
KW - Business process management
KW - IS security
KW - IT compliance
KW - IT risk management
UR - http://www.scopus.com/inward/record.url?scp=77952411445&partnerID=8YFLogxK
U2 - 10.1109/ARES.2010.88
DO - 10.1109/ARES.2010.88
M3 - Conference contribution
AN - SCOPUS:77952411445
SN - 9780769539652
SP - 468
EP - 474
BT - ARES 2010
T2 - 5th International Conference on Availability, Reliability, and Security, ARES 2010
Y2 - 15 February 2010 through 18 February 2010
ER -