A Framework for Analyzing Federal Regulations for Information Security

Advisor Information

Robin Gandhi

Location

Dr. C.C. and Mabel L. Criss Library

Presentation Type

Poster

Start Date

6-3-2015 11:00 AM

End Date

6-3-2015 12:30 PM

Abstract

This research examines regulatory compliance in information systems from a software assurance perspective. Today's information systems are software intensive. They are thus prone to software weaknesses, which are exploited by various attacks on the systems. However, when stakeholders incorporate new systems, they usually tailor security controls based on system needs, so software security concerns receive far less attention than they deserve. In our research, we extend NOMOS, a framework for modeling roles, norms and situations, and evaluate its applicability to information security regulations. We present a case study with the Federal Information Security Management Act (FISMA) of 2002. FISMA statements with a high variability space for categorizing information and information systems across multiple documents are examined to explore the utility and limits of the NOMOS framework. Finally, we introduce mechanisms to determine the applicability of FISMA and related standards to tailored constraints on software components in a larger information system.

This document is currently not available here.
