Auditing security of information flows is still considered as one of the challenges in business information systems development. There are different standards and approaches that address information security. However, due to the number of information assets that have to be audited and the frequency of their changes the audit becomes complex and sometimes too subjective. Therefore, to have an opportunity to audit information security at the business process level, we needed to find a method that gives the base structure for the audit activities and supports the choice of information assets for the audit. In this regard, the Security Requirement Elicitation from Business Process approach, which focuses on information security requirements in business processes, provided an idea to ground the audit approach in business processes and information flows in them in order to facilitate integrated consideration of both, business and technology, aspects during the audit.
CITATION STYLE
Kozlovs, D., & Kirikova, M. (2016). Auditing security of information flows. In Lecture Notes in Business Information Processing (Vol. 261, pp. 204–219). Springer Verlag. https://doi.org/10.1007/978-3-319-45321-7_15
Mendeley helps you to discover research relevant for your work.