GoCoMM: a governance and compliance maturity model

Gheorghe, Gabriela; Neuhaus, Stephan; Massacci, Fabio; Pretschner, Alexander

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

GoCoMM: a governance and compliance maturity model

Gheorghe, Gabriela; Neuhaus, Stephan; Massacci, Fabio et al.

2009 • In GoCoMM: a governance and compliance maturity model

Peer reviewed

Permalink
https://hdl.handle.net/10993/10962

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

gocomm.pdf

Author postprint (175.97 kB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Gheorghe, Gabriela ; University of Trento > DISI

Neuhaus, Stephan; University of Trento > DISI

Massacci, Fabio; University of Trento

Pretschner, Alexander

Language :

English

Title :

GoCoMM: a governance and compliance maturity model

Publication date :

2009

Event name :

Proceedings of the first ACM workshop on Information security governance

Event organizer :

ACM

Event place :

Chicago, IL, United States

Event date :

13-11-2009

Audience :

International

Main work title :

GoCoMM: a governance and compliance maturity model

Peer reviewed :

Peer reviewed

Available on ORBilu :

since 15 November 2013

Statistics

Number of views

61 (3 by Unilu)

Number of downloads

1 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In VLDB, pages 143-154, 2002.
Y. Asnar, P. Giorgini, F. Massacci, and N. Zannone. From trust to dependability through risk analysis. In Proc. of ARES'07. IEEE Press, 2007.
Basel Committee on Banking Supervision. International convergence of capital measurement and capital standards, June 2006.
S. M. Bellovin. On the brittleness of software and the infeasibility of security metrics. IEEE Security & Privacy, 4(4):96, July-August 2006.
P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Requirements engineering for trust management: Model, methodology, and reasoning. IJIS, 5(4):257-274, 2006.
M. Hafner, M. Breur, R. Breu, and A. Nowak. Modelling inter-organizational workflow security in a peer-to-peer environment. In Proceedings of the IEEE International Conference on Web Services, pages 533-540, Los Alamitos, CA, USA, 2005. IEEE Computer Society.
K. W. Hamlen, G. Morrisett, and F. B. Schneider. Computability classes for enforcement mechanisms. TOPLAS, 28(1):175-205, 2006.
M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A Policy Language for Distributed Usage Control. In Proc. ESORICS, pages 531-546, 2007.
International Systems Security Engineering Association. Systems Security Engineering - Capability Maturity Model, 2009. http://www.sse-cmm.org/index. html. Last document upload 2002.
ISACA. Cobit. www.isaca.org/cobit/, 2008.
IT Governance Institute. IT Control Objectives for BASEL II. The important of Goverance and Risk Management for Complience, 2007.
A. Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison-Wesley Professional, 2007.
Y. Karabulut, F. Kerschbaum, F. Massacci, P. Robinson, and A. Yautsiukhin. Security and trust in it business outsourcing: a manifesto. In Pro, of STM'06, ENTCS. Elsevier, 2006.
G. Karjoth, B. Pfitzmann, M. Schunter, and M. Waidner. Service-oriented Assurance - Comprehensive Security by Explicit Assurances. In Proc. of QoP'05, 2005.
K. Krukow, M. Nielsen, and V. Sassone. A framework for concrete reputation systems with applications to history based access control. In Proc. of CCS'05, 2005.
J. Ligatti, L. Bauer, and D. Walker. Edit Automata: Enforcement Mechanisms for Run-time Security Policies. Int. J. of Inform. Sec., 4(1-2):2-16, February 2005.
G. McGraw, B. Chess, and S. Migues. The building security in maturity model. http://www.bsi-mm.com/, June 2009.
N. Nagappan, T. Ball, and A. Zeller. Mining metrics to predict component failures. In Proceedings of the 27th International Conference on Software Engineering, New York, New York, USA, May 2005. ACM Press.
C. of Sponsoring Organizations. Coso internal control-integrated framework. www.sox-online.com/coso-2004-coso-framework.html, 2004.
J. Park and R. Sandhu. The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security, 7:128-174, 2004.
P. Samarati and S. D. C. di Vimercati. Access Control: Policies, Models, and Mechanisms. In FOSAD 2001/2002, volume 2946 of LNCS, pages 137-196. Springer-Verlag, 2001.
A. Schaad and J. Moffett. Delegation of Obligations. In Proc. of POLICY'02, pages 25-35. IEEE Press, 2002.
A. Shostack and A. Stewart. The New School of Information Security. Addison-Wesley Professional, 2008.
Software Engineering Institute. Capability Maturity Model Integration, 2009. http://www.sei.cmu.edu/cmmi/.
United States Code. Sarbanes-oxley act of 2002, pl 107-204, 116 stat 745. Codified in Sections 11, 15, 18, 28, and 29 USC, July 2002.
J. Wainer, P. Barthelmess, and A. Kumar. W-rbac: A workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4):455-485, 2003.