Analysis of the Next Evolution of Security Audit Criteria
Abstract:
Security assessments are performed for multiple reasons, including compliance with information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with Julkri, the criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve on existing criteria and control catalogues.
AUTHORS
Faculty of Information Technology
University of Jyväskylä
Jyväskylä, Finland
Riku Nykänen is working as an Information Security Officer at TOYOTA GAZOO Racing World Rally Team. He is currently pursuing his Ph.D. degree at the University of Jyväskylä, where he received the M.S. degree. His research interests include security management, risk management, and security control selection. During the Julkri development, he was working at Huld Oy as an information security consultant and security manager. He participated in the development as a consultant.
Faculty of Information and Communication Sciences
Tampere University
Tampere, Finland
National Cyber Security Centre Finland
Finnish Transport and Communications Agency
Helsinki, Finland
Tomi Kelo is working as a Chief Specialist at the Finnish National Cyber Security Centre (NCSC-FI), focusing mainly on information assurance and cybersecurity matters. As a hobby, he is also preparing his doctoral thesis at Tampere University.
Faculty of Information Technology
University of Jyväskylä
Jyväskylä, Finland
Tommi Kärkkäinen received the Ph.D. degree in Mathematical Information Technology from the University of Jyväskylä (JYU), in 1995. Since 2002, he has been serving as a full professor of Mathematical Information Technology at the Faculty of Information Technology (FIT), JYU. He has been/is involved in supervising 60 Ph.D. students, and he has published over 210 peer-reviewed articles. He received the Innovation Prize of JYU in 2010. He has served in many administrative positions at FIT and JYU, currently leading a Research Division and a Research Group on Human and Machine-Based Intelligence in Learning. He is a senior member of the IEEE.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.