Challenges in Cross-Organizational Security Management

Thalmann, Stefan; Bachlechner, Daniel; Demetz, Lukas; Maier, Ronald

doi:10.1109/hicss.2012.148

Cited by 14 publications

(9 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another limitation related to the generalizability of the findings results from the use of one specific scenarios provided by the industry partners. Insight gained through the interviews as well as related literature (Thalmann et al, 2012;Takabi et al, 2010) made us confident that the selected scenario is not unusual in terms of the challenges faced.…”

Section: Discussionmentioning

confidence: 98%

“…Our research also indicates that satisfying the information needs of auditors is more challenging the greater the number of requirements and the wider the distribution of the IT landscape. Software support is considered particularly important in such situations (Thalmann et al, 2012). Furthermore, we found that software used by service providers holds a considerable portion of the information needed.…”

Section: Accessing the Information Held By Service Providersmentioning

confidence: 88%

“…It is no longer sufficient for auditors to understand the services and the IT landscape of the organizations they audit, but now they also have to be aware of the requirements imposed by their auditees' customers and verify the controls in place at their auditees' suppliers. Software support was found to be useful to ensure meaningful audits of service providers in such settings at reasonable costs (Thalmann et al, 2012). Complementing manual approaches to information procurement with support through software-based approaches is expected to be valuable for auditors and service providers alike (Sinclair et al, 2011).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Auditing service providers: supporting auditors in cross-organizational settings

Bachlechner

Thalmann²,

Manhart³

2014

Managerial Auditing Journal

Self Cite

View full text Add to dashboard Cite

If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information. About Emerald www.emeraldinsight.comEmerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services.Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. AbstractPurpose -The purpose of this paper is to shed light on the particular information needs of external auditors performing information technology (IT) audits at service providers in cross-organizational settings and to promote a software-based approach towards their satisfaction. The approach is intended to supplement the manual approaches currently adopted by auditors to procure information in such settings. Design/methodology/approach -The authors analyzed data collected by means of a series of 16 interviews and four think-aloud sessions with experienced professionals. Findings -Information procurement is perceived as tedious by auditors and largely relies on repeat interviews and perusal of documents. Given the growing complexity of cross-organizational settings, manual approaches to information procurement are reaching their limits. A considerable portion of the information required is often stored by service providers using software that is inaccessible to auditors. The authors argue that a software-based approach providing an interface for auditors to access relevant information held by such software presents an avenue worth exploring. Practical implications -The authors outline how the information stored by service providers using software can be made accessible with reasonable effort. Complementing manual approaches to information procurement with an audit interface would reduce workload and increase quality. Originality/value -The concept of an audit interface represents a novel and promising approach to meeting the information needs of auditors performing IT audits in cross-organizational settings more effectively. Both auditors and service providers would benefit from its implementation.

show abstract

Section: Discussionmentioning

confidence: 98%

Section: Accessing the Information Held By Service Providersmentioning

confidence: 88%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Auditing service providers: supporting auditors in cross-organizational settings

Bachlechner

Thalmann²,

Manhart³

2014

Managerial Auditing Journal

Self Cite

View full text Add to dashboard Cite

show abstract

“…If a service provider outsources a service to a third party where functionality is not transparent, users must be able to inspect the whole process [12]. Security standards (C1) and governing bodies are part of service level agreements (SLA) (I4) and legal aspects, respectively which have not been taken into practices for cloud computing [32,33]. SLA defines the relationship among parties (provider-recipient) and is extremely important for both parties [9].…”

Section: C5 Datamentioning

confidence: 99%

Cloud Computing Security: A Survey

2014

View full text Add to dashboard Cite

Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures. OPEN ACCESSComputers 2014, 3 2

show abstract

“…However, the increasingly widespread distribution of business processes also creates new challenges such as [10] cloud auditing, management of service heterogeneity, coordination of involved parties, management of client-vendor relationships, localizing and migrating data, and coping with a significant lack of security awareness [11], [12]. One of most evident challenges is distributed process tracing and validation which directly affects cross-organizational security management [13], [14], [15]. To address these challenges, several process-aware information systems have been introduced that support the automated enactment and execution of business processes and have been applied to different business process management tasks [16].…”

Section: Introductionmentioning

confidence: 99%

Providing online operational support for distributed, security sensitive electronic business processes

Talamo

Povilionis

Arcieri

et al. 2015

2015 International Carnahan Conference on Security Technology (ICCST)

View full text Add to dashboard Cite

Online process mining techniques are increasingly used to provide operational support. In this work we describe tools to support distributed business processes which handle sensitive data and require a high level of security together with real-time validation. The techniques presented here have been specifically developed for real-time compliance checking of distributed processes in choreographies of heterogeneous entities. Challenges include the fast aggregation, analysis and validation of process logs that are collected from the distributed participants. The autonomy of the participating entities has to be respected and no sensitive data pertaining to the content of the individual transactions must be accessed for process support and validation purposes. A validation authority for process monitoring and validation is set up. Together with software agents dispatched to the participating entities the validation authority collects events in a central log and then analyzes these events using a particular representation of the process in form of a validation tree to detect and resolve anomalies. We describe the application of these technologies in a distributed business process with more than 400,000 daily process executions. The business process is supported by a help desk managing and responding to incidents and anomalies. We observe a reduction of 90% of the calls to the help desk and an average reduction of 15% in call length. Further the help desk was enabled to act pro-actively, calling participants to the process even before they became aware of anomalies that affected their organization

show abstract

Challenges in Cross-Organizational Security Management

Cited by 14 publications

References 30 publications

Auditing service providers: supporting auditors in cross-organizational settings

Auditing service providers: supporting auditors in cross-organizational settings

Cloud Computing Security: A Survey

Providing online operational support for distributed, security sensitive electronic business processes

Contact Info

Product

Resources

About