Incorporating Policy-Based Authorization Framework in Audit Rule Ontology for Continuous Process Auditing in Complex Distributed Systems

“…This recommender system will also generate trustaware explanation/opinion by using audit rule base reasoning, heuristics of past access control decisions and heuristics of acceptable risk level (point 8 in Table I and [22]). Again keeping the window open for domain specifics, such recommender engine and framework should have to provide services for AaaS clientèle.…”

“…This mechanism in auditing opens the door for: defining benchmark, scalability, process independence, audit rule generation and robust adaptation of audit rules, learning knowledge in topdown hierarchical order, system access control and security [22], and continuous on-time (or even real-time) support of AaaS system to the clientèle.…”

“…To maintain the integrity of evaluation results, the continuous auditing system's security and access control must be thoroughly assured and secured [23] by incorporating riskaware policy-based authorization mechanism [22] In this paper, we present a new hybrid architecture which integrates several techniques so as to provide continuous process auditing as a service, taking advantage of what each subsystem can offer in overcoming the challenges and inconsistencies of continuous auditing implementation stated in Table I. Existing standalone systems have tackled subsets of the specific continuous auditing problems stated in Table I.…”

“…Audit rule adaptation and generation principles (point 3 in Table I) are controlled through audit rule ontology and knowledge acquired from rules engine as well as experts knowledge (see Sec V). Audit rule ontology incorporating policy-based authorization [22] has been introduced to maintain information access, and access control and security (point 7,8 in Table I) issues of the continuous process auditing in distributed environments.…”

“…Information Access Having all data that come from all sources (homogeneous, heterogeneous ...), and building ontologies using them for faster and common access to domain knowledge, it is possible to extract patterns that can be used to predict potential situations in the future [16], [22] 8.…”

Continuous process auditing (CPA): An audit rule ontology based approach to audit-as-a-service

“…This recommender system will also generate trustaware explanation/opinion by using audit rule base reasoning, heuristics of past access control decisions and heuristics of acceptable risk level (point 8 in Table I and [22]). Again keeping the window open for domain specifics, such recommender engine and framework should have to provide services for AaaS clientèle.…”

“…This mechanism in auditing opens the door for: defining benchmark, scalability, process independence, audit rule generation and robust adaptation of audit rules, learning knowledge in topdown hierarchical order, system access control and security [22], and continuous on-time (or even real-time) support of AaaS system to the clientèle.…”

“…To maintain the integrity of evaluation results, the continuous auditing system's security and access control must be thoroughly assured and secured [23] by incorporating riskaware policy-based authorization mechanism [22] In this paper, we present a new hybrid architecture which integrates several techniques so as to provide continuous process auditing as a service, taking advantage of what each subsystem can offer in overcoming the challenges and inconsistencies of continuous auditing implementation stated in Table I. Existing standalone systems have tackled subsets of the specific continuous auditing problems stated in Table I.…”

“…Audit rule adaptation and generation principles (point 3 in Table I) are controlled through audit rule ontology and knowledge acquired from rules engine as well as experts knowledge (see Sec V). Audit rule ontology incorporating policy-based authorization [22] has been introduced to maintain information access, and access control and security (point 7,8 in Table I) issues of the continuous process auditing in distributed environments.…”

“…Information Access Having all data that come from all sources (homogeneous, heterogeneous ...), and building ontologies using them for faster and common access to domain knowledge, it is possible to extract patterns that can be used to predict potential situations in the future [16], [22] 8.…”

Continuous process auditing (CPA): An audit rule ontology based approach to audit-as-a-service