Abstract
Research has been performed in several areas of auditing, among others security auditing, compliance auditing, and financial auditing. To increase the efficiency of auditing and to allow for continuous auditing, auditing tasks must be automated, which is only possible if audit data are available digitally and suitable algorithms exist.
Different areas of auditing follow different objectives and thus require different detailed tasks to be performed, yet they share a common auditing model. This is based on the consideration that, in general, auditing deals with the evaluation or examination of facts against a set of compliance specifications. The objective of this paper is to develop a generic model and architecture for automated auditing, thus providing the basis for the development of auditing work for specific applications. To show its general applicability, the proposed model is applied to different areas, including Service Level Agreement (SLA) compliance verification and Intrusion Detection Systems. A full-fledged example is discussed, showing in detail how the generic architecture is applied to SLA compliance verification.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hasan, Stiller, B. (2005). A Generic Model and Architecture for Automated Auditing. In: Schönwälder, J., Serrat, J. (eds) Ambient Networks. DSOM 2005. Lecture Notes in Computer Science, vol 3775. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11568285_11
DOI: https://doi.org/10.1007/11568285_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29388-0
Online ISBN: 978-3-540-32244-3
eBook Packages: Computer Science (R0)