Analysis of the Next Evolution of Security Audit Criteria

Riku Nykänen; Tomi Kelo; Tommi Kärkkäinen

Analysis of the Next Evolution of Security Audit Criteria

Riku Nykänen
, Tomi Kelo
, Tommi Kärkkäinen

Computing Sciences

Research output: Contribution to journal › Article › Scientific › peer-review

32 Downloads (Pure)

Abstract

Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.

Original language	English
Pages (from-to)	25-39
Journal	Journal of information warfare
Volume	22
Issue number	4
Publication status	Published - 2023
Publication type	A1 Journal article-refereed

Publication forum classification

Publication forum level 1

Access to Document

Analysis of the Next Evolution
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Accepted author manuscript, 303 KBLicence: Unspecified

Cite this

@article{b820c73bab134262ad2873fef417c1c5,

title = "Analysis of the Next Evolution of Security Audit Criteria",

abstract = "Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.",

author = "Riku Nyk{\"a}nen and Tomi Kelo and Tommi K{\"a}rkk{\"a}inen",

year = "2023",

language = "English",

volume = "22",

pages = "25--39",

journal = "Journal of information warfare",

issn = "1445-3312",

number = "4",

}

TY - JOUR

T1 - Analysis of the Next Evolution of Security Audit Criteria

AU - Nykänen, Riku

AU - Kelo, Tomi

AU - Kärkkäinen, Tommi

PY - 2023

Y1 - 2023

N2 - Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.

AB - Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.

M3 - Article

SN - 1445-3312

VL - 22

SP - 25

EP - 39

JO - Journal of information warfare

JF - Journal of information warfare

IS - 4

ER -

Analysis of the Next Evolution of Security Audit Criteria

Abstract

Publication forum classification

Access to Document

Fingerprint

Cite this