Full Program »
On the assessment of compliance with the requirements of regulatory documents to ensure information security
Examples of different types of assessments are all around us, providing our assurance that the goods we use won’t harm us, that the system components will work correctly, that services are being delivered consistently, that manufacturers are effectively managing the impact of their activities on health, safety, and the environment, etc. One of the essential forms of assessment is a compliance assessment designed to check how the requirements of regulatory documents to ensure information security (IS) are fulfilled or not on the assessment object, for example, a product, process, system, or service. This short paper discusses work-in-progress results as a part of research aimed at determining the ways of possible improvement, unification and greater formalization of an objective assessment of compliance with the mandatory requirements of regulatory documents on ensuring IS for the selected assessment objects based on the development of recommendations for applying a risk-based approach.