•  
  •  
 

Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

The demand, through government regulations, for the preservation of the security, integrity, and privacy of corporate and customer information is increasing at an unprecedented pace. Government and private entities struggle to comply with these regulations through various means—both automated and manual controls. This paper presents an automated security compliance toolkit that is designed and developed using mostly open source tools to demonstrate that 1) meeting regulatory compliance does not need to be a very expensive proposition and 2) an undertaking of this magnitude could be served as a pedagogical exercise for students in the areas of collaboration, project management, software engineering, information assurance, and regulatory compliance.

References

Center for Internet Security (2006), “Next Generation Scoring Tool,” http://www.cisecurity.org. Access date: October 01, 2006.

Cognos (2006), “IT’s Critical Role in SOX and Regulatory Compliance,” http://www.cognos.com/pdfs/whitepapers/wp_its_critical_role_in_sox_and_regulato ry_compliance.pdf?mc=-web_ns_cpp_it_0830, August 30, 2006.

Cole, K. (2006), “HIPAA Compliance: Role Based Access Control Model,” http://www.giac.org/practical/Kenneth_Cole_GSEC.doc, August 30, 2006.

Dhillon, G. (2006), Principles of Information Systems Security, Wiley Publishing Inc., New York.

Feldman, Johnathan (2006), “Don’t Get Burned,” Network Computing, September 28, 2006.

Giuseppini, G. and Burnett, M. (2004), Microsoft Log Parser Toolkit, Syngress, Rockland.

IntersectAlliance (2006), “Guide to SNARE for Windows 2.5.” http://www.intersectalliance.com/resources/Documentation/Guide_to_SNARE_for_ Windows-2.5.pdf, October 11, 2006.

ISACA (2006), “COBIT Framework,” http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/TaggedPage/Ta ggedPageDisplay.cfm&TPLID=55&ContentID=7981, October 06, 2006.

ITIL (2006), “IT Infrastructure Library (ITIL).” http://www.itil.co.uk, October 06, 2006.

ISO (2006), http://www.iso.org/iso/en/commcentre/pressreleases/archives/2005/Ref985.html, October 06, 2006.

Kolodgy, C. (2006), “Optimizing Your IT Controls Environment for Compliance with Multiple Regulations,” http://eval.veritas.com/mktginfo/enterprise/white_papers/entwhitepaper_idc_bindview_policy_manager_2005.en-us.pdf, August 30, 2006.

Langin, D. (2004), “HIPAA Security Provisions: Is Your Network Ready for a Physical,” TripWire, pp.1-12.

Nelson, M. (2006), “Complying with the Federal Information Security Management Act,” TripWire, pp.1-6, 2006.

NetIQ (2006), “NetIQ Compliance Solutions,” http://www.netiq.com/solutions/regulatory/default.asp, October 10, 2006.

OSSEC (2006), “OSSEC Host-based Intrusion Detection System,” http://www.ossec.net/en/home.html, October 10, 2006.

Public Company Accounting Oversight Board (PCAOB) (2006), “Sarbanes-Oxley Act of 2002”, http://www.pcaobus.org/rules/Sarbanes_Oxley_Act_of_2002.pdf, October 15, 2006.

Perry, C. (2006), ”Compliance Control,” Processor, Vol# 28, Issue#30.

Qualys Guard Enterprise (2006), http://qualys.com/products/qgent, October 10, 2006.

Qualys, Inc. (2004), “FISMA Compliance: Making the Grade,” http://www.qualys.com, October 01, 2006.

Qualys, Inc. (2006), “Making Gramm-Leach-Bliley Security Compliance Fast & Easy,” http://www.qualys.com/glba, October 10, 2006.

Scalable Software (2006), “Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle,” http://www.scalable.com/media/whitepapers/wp_Reducing_Compliance_Costs.pdf, October 13, 2006.

Schwartz, E. (2006), “The Compliance Headache,” InfoWorld, 12.

Swartz, N. (2003), “What Every Business Needs to Know About HIPAA,” The Information Management Journal, 26-34.

Symantec (2006), “Control Compliance Suite,” http://www.symantec.com/Products/enterprise?c=prodinfo&refId=1482, October 08, 2006.

Tripwire Enterprise (2006), http://www.tripwire.com/products/enterprise/index.cfm, October 08, 2006.

TrueCrypt (2006), “TrueCrypt 4.2a,” http://www.truecrypt.org/, October 10, 2006.

Whitman, M. and Mattord, H. (2004), Management of Information Security, Course Technology.

DOI

https://doi.org/10.15394/jdfsl.2007.1032

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.