
Object-oriented software for auditing information systems security: following a methodology for IS risk analysis and optimisation per level

ACM SIGSAC Review, Association for Computing Machinery


ACM SIGSAC Review, Volume 10 (4) – Oct 15, 1992



Publisher: Association for Computing Machinery
Copyright: Copyright © 1992 by ACM Inc.
ISSN: 0277-920X
DOI: 10.1145/152399.152404

Abstract

Information systems (IS) need permanent attention. Auditors must have effective tools to estimate their level of security and make recommendations to management, in keeping with the coherence and optimisation of the resources allocated to maintaining confidentiality, integrity and availability. Most of the time, risks have various and complex origins. A methodology is needed to analyse the coherence of the factors applied to security and to suggest appropriate countermeasures, forming part of a security policy that reflects the objectives of the organization. There is a high demand for improved methodologies supported by software. A methodology for IS risk analysis and optimisation per level, named MARION, is presented. It has been developed in France since 1984 by APSAD, an association grouping together French insurance companies, and CLUSIF, an association in the area of computer security. MARION works in different contexts: mainframe mono-sites, networks and distributed systems, industrial computing, small and medium-sized companies or systems, and microcomputing. It involves technical tables, updated and delivered by APSAD every year. The audit part of the methodology has been implemented in MacMARION, an object-oriented software package that runs on a Macintosh platform under the MacOS operating system and is programmed in the C++ language, making adaptation and reusability very easy. Input consists of personal assessments provided as answers to questions. Output is quantitative and graphical, in the form of tables, roses and differential diagrams, which suggest coherence and relative seriousness, together with the effort to be made, regarding factors, categories of risks and losses. MacMARION offers an opportunity for self-assessment and better productivity for auditors, who can spend more time on higher tasks and on the detailed investigation of higher or hidden risks.

Journal

ACM SIGSAC Review, Association for Computing Machinery

Published: Oct 15, 1992
