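@inproceedings{a3d3b6d04f1a488c89df7b4c55a63f51,
  author        = {Gheorghe, G. and Massacci, F. and Neuhaus, S. and Pretschner, A.},
  title         = {{GoCoMM}: A Governance and Compliance Maturity Model},
  booktitle     = {Proceedings of the 1st {ACM} Workshop on Information Security Governance, {WISG} '09, Co-located with the 16th {ACM} Computer and Communications Security Conference, {CCS}'09},
  series        = {Proceedings of the {ACM} Conference on Computer and Communications Security},
  publisher     = {ACM},
  year          = {2009},
  month         = nov,
  pages         = {33--37},
  doi           = {10.1145/1655168.1655175},
  isbn          = {9781605587875},
  language      = {English},
  abstract      = {Advanced methodologies for compliance such as CobiT identify a number of maturity levels that must be reached: first the existence of an infrastructure for the enforcement of security controls; second, the ability to continuously monitor and audit quantifiable indicators for the controls put in place; and third, the ability to react when a policy violation is detected. In this paper, we go further and define a governance and compliance maturity model (GoCoMM) that is process-oriented. As an instance of the highest level of governance and compliance, we suggest a method of goal correlation that provides measurable indicators of security and compliance by systematically refining business processes and regulatory goals. We also introduce a run-time architecture to support this model. Copyright 2009 ACM.},
  note          = {1st ACM Workshop on Information Security Governance, WISG '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 ; Conference date: 09-11-2009 Through 13-11-2009},
  internal-note = {Acronyms in title/booktitle/series are braced so sentence-casing styles keep GoCoMM, ACM, WISG and CCS intact; author names use the unambiguous Last, First form; month taken from the conference date in note (DD-MM-YYYY); publisher inferred from the ACM DOI prefix and copyright line.},
}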