Abstract
Multi-national enterprises, such as financial services companies, operate large and critical information systems around the globe on a 24/7 basis. In an information-based business, even a single inadequately designed, implemented, tested or operated business application can put the existence of the enterprise at risk.
To adequately secure the integrity of business-critical information, and hence to ensure that such information is meaningful, accurate and timely, we present our risk assessment and controls framework. First, we introduce our criticality rating scheme, which is based on recoverability from integrity failures. To deal with dependencies among applications, we present an approach based on services, given a Service-Oriented Architecture (SOA). Second, we give an overview of our design-related controls, including a data analytics approach to continuously audit the most critical information assets. Finally, we present the lessons learned from a first implementation of the framework.
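The abstract names two ideas without spelling them out: a criticality rating derived from how well an asset can recover from an integrity failure, and a service-based treatment of dependencies. The following Python is an added illustration of how such a scheme could be mechanised; it is not the paper's own rating scheme or code. The three levels, the rating rule (recovery time against a business tolerance window), the sample inventory and the propagation rule (a service inherits the rating of every application that consumes its data) are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional, Set


class Criticality(IntEnum):
    """Assumed three-level scale; the paper's actual levels are not given on this page."""
    LOW = 1     # a detected integrity failure can be repaired from an authoritative
                # source inside the business tolerance window
    MEDIUM = 2  # repairable, but only after the tolerance window has passed
    HIGH = 3    # corrupted data cannot be reliably reconstructed at all


@dataclass(frozen=True)
class Asset:
    name: str
    recoverable: bool                # can a corrupted state be rebuilt from an independent source?
    recovery_hours: Optional[float]  # time needed to rebuild it, if recoverable
    tolerance_hours: float           # how long the business can tolerate wrong data


def rate(asset: Asset) -> Criticality:
    """Rate a single asset by its recoverability from an integrity failure (assumed rule)."""
    if not asset.recoverable or asset.recovery_hours is None:
        return Criticality.HIGH
    if asset.recovery_hours <= asset.tolerance_hours:
        return Criticality.LOW
    return Criticality.MEDIUM


def propagate(own: Dict[str, Criticality],
              depends_on: Dict[str, Set[str]]) -> Dict[str, Criticality]:
    """Lift each service to at least the rating of every consumer, transitively.

    depends_on[a] is the set of services whose data asset a reads. An integrity
    failure in a service silently corrupts its consumers, so the service must be
    rated at least as high as its most critical consumer. The loop runs to a
    fixpoint, so dependency cycles terminate correctly.
    """
    effective = dict(own)
    changed = True
    while changed:
        changed = False
        for consumer, services in depends_on.items():
            for svc in services:
                if effective[consumer] > effective[svc]:
                    effective[svc] = effective[consumer]
                    changed = True
    return effective


# Constructed sample inventory; names, hours and dependencies are hypothetical.
ASSETS = [
    Asset("ledger", recoverable=False, recovery_hours=None, tolerance_hours=1.0),
    Asset("customer_svc", recoverable=True, recovery_hours=12.0, tolerance_hours=4.0),
    Asset("pricing_feed", recoverable=True, recovery_hours=1.0, tolerance_hours=4.0),
    Asset("report_portal", recoverable=True, recovery_hours=0.5, tolerance_hours=24.0),
]
DEPENDS_ON = {
    "ledger": {"customer_svc", "pricing_feed"},
    "report_portal": {"pricing_feed"},
    "customer_svc": set(),
    "pricing_feed": set(),
}


def rate_inventory():
    """Return (own rating per asset, effective rating after dependency propagation)."""
    own = {a.name: rate(a) for a in ASSETS}
    return own, propagate(own, DEPENDS_ON)


if __name__ == "__main__":
    own, eff = rate_inventory()
    for name in own:
        print(f"{name:14s} own={own[name].name:6s} effective={eff[name].name}")
```

The point the propagation step makes is that a service which looks harmless on its own (pricing_feed recovers in an hour) still needs the controls of its most critical consumer once the ledger reads from it; rating assets in isolation would leave that gap.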
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Liver, B., Kaufmann, H. (2013). Integrity in Very Large Information Systems. In: Salinesi, C., Norrie, M.C., Pastor, Ó. (eds) Advanced Information Systems Engineering. CAiSE 2013. Lecture Notes in Computer Science, vol 7908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38709-8_41
DOI: https://doi.org/10.1007/978-3-642-38709-8_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38708-1
Online ISBN: 978-3-642-38709-8
eBook Packages: Computer Science (R0)