The seven elements of the Brewer Security Matrix are as follows; organizational cyber compliance can be enhanced through these elements:
- Identification: assists in detecting the compliance level of an organization.
- Authentication: the process of establishing the suitability of control measures.
- Authorization: important in executing commands of a system.
- Access Control: regulating the ease with which a system can be accessed.
- Administration: management of the compliance system.
- Auditing: carrying out an appraisal of the system.
- Assessment: evaluating whether an organization has fully complied.
The Sarbanes-Oxley Act of 2003 helps with internal controls and reporting by enhancing corporate transparency. It was enacted and adopted as an accountability law for corporations when reporting (Sarbanes-Oxley Act, 2009). The Act compels organizations to give the most accurate and precise company reports, and if they fail to do so, they are held liable for poor reporting. Therefore, this piece of legislation greatly assists in improving the state of internal controls through accurate reporting. Audit reports, including those capturing data on cybersecurity compliance, are kept in check courtesy of the Act.
The knowledge base and the inference engine are the two critical components of an expert system. It is worth noting that both components rely on an artificial intelligence platform. When it comes to internal controls and reporting in cybersecurity, facts and rules are required and therefore must be used (Göztepe, 2012). The rules are drawn from the knowledge base component of the expert system.
Thereafter, the inference engine combines the known facts with these rules to draw conclusions. Also, there are instances when debugging capabilities and descriptions may be part and parcel of inference engines. The high cost of operation stands out as the main disadvantage of expert systems in security reporting and controls. For instance, any expert system should be managed by a team of well-trained professionals. Besides, such systems consume a lot of time before the final reports can eventually be generated. However, an expert system improves the capability of an organization to run resilient, dependable information and communication platforms. Better still, expert systems can swiftly counter complex cyberspace threats in addition to ensuring secure access to cyberspace (Whitman & Mattord, 2011). Two main measurement approaches used in internal cyber controls are the time to detection of a threat and the time before internal fines are executed. This implies that the time metric is a crucial measurement that cannot be ignored when monitoring and generally managing internal cyber controls.
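The knowledge base and inference engine described above, as an added example that is not part of the original essay or of the cited works: constructed control rules are forward-chained over observed compliance facts, and the engine records an explanation for every derived fact (the "description" capability mentioned above). All rule and fact names are made up for illustration.

```python
# Added illustration (not from the cited works): a knowledge base of rules is
# applied to observed facts by a forward-chaining inference engine that also
# keeps an explanation trace, the "description" capability the text mentions.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    name: str
    conditions: frozenset  # facts that must all hold for the rule to fire
    conclusion: str        # fact asserted when it fires

@dataclass
class InferenceEngine:
    rules: list
    facts: set = field(default_factory=set)
    trace: dict = field(default_factory=dict)  # derived fact -> (rule, premises)

    def run(self):
        """Forward-chain to a fixpoint: fire rules until no new fact appears."""
        changed = True
        while changed:
            changed = False
            for rule in self.rules:
                if rule.conclusion not in self.facts and rule.conditions <= self.facts:
                    self.facts.add(rule.conclusion)
                    self.trace[rule.conclusion] = (rule.name, sorted(rule.conditions))
                    changed = True
        return self.facts

    def explain(self, fact):
        """Say how a fact was reached, for auditors reviewing the report."""
        if fact in self.trace:
            rule, premises = self.trace[fact]
            return f"{fact}: derived by {rule} from {', '.join(premises)}"
        return f"{fact}: given as input" if fact in self.facts else f"{fact}: not established"

# Constructed knowledge base: control rules an internal-controls auditor might encode.
KNOWLEDGE_BASE = [
    Rule("R1-logging", frozenset({"audit_logs_retained_90d", "logs_write_protected"}), "logging_control_ok"),
    Rule("R2-access", frozenset({"quarterly_access_review_done"}), "access_control_ok"),
    Rule("R3-it-controls", frozenset({"logging_control_ok", "access_control_ok"}), "financial_it_controls_ok"),
    Rule("R4-report", frozenset({"financial_it_controls_ok", "mgmt_signoff_obtained"}), "report_compliant"),
]

def assess(observed_facts):
    """Run the engine over observed facts; return (compliant?, explanation lines)."""
    engine = InferenceEngine(rules=KNOWLEDGE_BASE, facts=set(observed_facts))
    derived = engine.run()
    return "report_compliant" in derived, [engine.explain(f) for f in sorted(engine.trace)]
```

Removing a single input fact (for example the write-protection of the logs) stops the chain at R1, and the explanation lines show exactly which control was never established.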
Cyber compliance requires the fulfillment of certain standards and performance targets (Darius & Valdas, 2012). In other words, compliance does not come cheap. In any case, the safety of organizations largely depends on the compliance standards and performance goals that have been put in place. Countrywide and industry safety also rely on existing compliance standards. One of the most outstanding benchmarks is the Security compliance framework. Internal controls and auditing should be carried out regularly. The Sarbanes-Oxley Act of 2000 also sets forth a performance dashboard that organizations can emulate.
International information security regulations should be harmonized so that all forms of controls and reporting are carried out correctly. Besides, accuracy is vital when it comes to security regulations on the global platform, since better methods of addressing existing and emerging threats can be attained on a harmonized platform.
If individual nations forge their own information security regulatory measures, it is highly likely that some controls will be duplicated or even monitored by attackers. A unified approach enhances vibrancy and efficiency in security regulations (Eastton & Taylor, 2011). This ideal can only be achieved by harmonizing global information security control systems.
References
Darius, Š., & Valdas, K. (2012). The Regulation of the Security of Electronic Information in Lithuania and Russia: The Comparative Aspects. Social Technologies, 3(2), 441.
Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law. Boston, MA: Course Technology, Cengage Learning.
Göztepe, K. (2012). Designing a Fuzzy Rule Based Expert System for Cyber Security. International Journal of Information Security Science, 1(1), 13-19.
Sarbanes-Oxley Act. (2009). Web.
Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics. Boston, MA: Course Technology, Cengage Learning.