Gabriela Gheorghe, Fabio Massacci, Stephan Neuhaus, Alexander Pretschner
2009 Proceedings of the first ACM workshop on Information security governance - WISG '09  
Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first, the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a governance and compliance maturity model (GoCoMM) that is process-oriented. As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model.
doi:10.1145/1655168.1655175 fatcat:y37suiq5bvhzxhzxtsfgnkqcou