GoCoMM: A governance and compliance maturity model

G. Gheorghe, F. Massacci, S. Neuhaus, A. Pretschner

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-reviewed

Abstract

Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first, the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a governance and compliance maturity model (GoCoMM) that is process-oriented. As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model. Copyright 2009 ACM.
Original language: English
Title of host publication: Proceedings of the 1st ACM Workshop on Information Security Governance, WISG '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Pages: 33-37
DOIs
Publication status: Published - 2009
Externally published: Yes
Event: 1st ACM Workshop on Information Security Governance, WISG '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09, United States
Duration: 9 Nov 2009 to 13 Nov 2009

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 1st ACM Workshop on Information Security Governance, WISG '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Country/Territory: United States
Period: 9/11/09 to 13/11/09
