Analysis of the Next Evolution of Security Audit Criteria

Security assessments are performed for multiple reasons, including compliance with the information security regulation. Amongst other objectives, regulatory requirements are created to increase the resilience of national infrastructure and protect against information and cybersecurity threats. When the regulatory requirements are revised, the security audit criteria also need to be updated and validated. This was also the case with the Julkri, criteria developed for the conformance assessments of the renewed Finnish information security regulation. In this article, a comparative evaluation based on Design Science Research is performed to determine whether the new Julkri criteria improve existing criteria and control catalogues.