Important: This instance is deprecated and will be closed soon! Please visit this platform
26-29 May 2015
Europe/Berlin timezone
Home > Timetable > Session details > Contribution details

Contribution Complete Research Paper

Fürstenberghaus - F5
31 - Security and Privacy of Information and IS

How to Increase the Inventory Efficiency in Information Security Eisk and Compliance Management


  • Johannes HEURIX

Primary authors

  • Stefan FENZ (Vienna University of Technology and SBA Research)



The inventory process, i.e. the assessment of assets and implemented countermeasures, consumes a significant amount of time in the risk and compliance management process. Assets and countermeasures have to be identified and classified in terms of confidentiality, integrity and availability requirements. Depending on the organization's size this process may include thousands of assets and countermeasures. This paper presents a novel inventory approach for assets and already implemented technical, physical, and organizational countermeasures (based on tools for network device mapping, software inventory, asset management, etc.). To efficiently assess implemented organizational countermeasures (policies, guidelines, etc.) we developed a keyword- and rule-based approach which automatically identifies existing policies in the ISO 27002 control context. The method and its implementation support middle and large organizations at efficiently assessing assets and implemented countermeasures by highly automating the inventory process. The method is not bound to any organization type or industry sector.