2012, Number 2
Revista Cubana de Información en Ciencias de la Salud (ACIMED) 2012; 23 (2)
Model log management for the audit information, to support decision making in the organizations
Gómez BO, Estrada SV, Bauta CRR, García RI
Language: Spanish
References: 15
Page: 187-200
PDF size: 434.89 Kb.
ABSTRACT
In recent years, the information audit has grown in importance because of its role in preventing or detecting violations that affect the confidentiality, integrity, availability and traceability of an organization's resources. The information audit is an important component of the informatics audit, and the quality of its results depends largely on the expressiveness of the event log. The XES standard and the Auditing framework are the most innovative solutions focused on managing the event log. The analysis of these and other solutions showed limitations in how the structure of the event log is formalized, which negatively affect the quality of the analysis results. These deficiencies hinder decision making related to security, to the operation of information systems and to their impact on the organization's business processes. Given these problems, the main contribution of this work is the design of an event log management model for the information audit, to support decision making in organizations with different goals. It describes the concepts needed to integrate, in a consistent way, the business processes, actors, information systems and other aspects associated with the application environment. The model was applied in the development of different information systems, with good results.