Deriving and Modelling Compliance Requirements from Legal Audits
Abstract
The overall demand for a stable and reliable financial system prompted legislators to react by passing regulations intended to prevent further crises. A central part of those regulations is the handling of operational risks in the economy. Financial institutions have to provide more comprehensive capabilities to handle those risks. In order to decrease the vulnerability to risks, and since information technology (IT) has become central within the financial system, the resulting laws have consequences for IT systems. Adequate risk management is necessary to meet the legal obligations.
Although IT governance and compliance are common parts of IT management, the derivation of concrete measures for existing systems is not trivial. We propose a method to derive concrete legal obligations, classified into requirements, goals and principles. Furthermore, we show how existing enterprise models can be enhanced with those demands using the modeling language ArchiMate. We have created several normative models for different areas of IT and discuss one of them, namely "User Authorization Management".
| Attribute | Value |
|---|---|
| Address | Frankfurt am Main, Germany |
| Authors | Dr. Bernhard Waltl, Dr. Alexander W. Schneider, Florian Matthes |
| Citation | Waltl, B.; Schneider, A. W.; Matthes, F.: Deriving and Modelling Compliance Requirements from Legal Audits, EICAR: Trust and Transparency in IT Security, Frankfurt am Main, Germany, 2014 |
| Key | Wa14b |
| Research project | |
| Title | Deriving and Modelling Compliance Requirements from Legal Audits |
| Type of publication | Conference |
| Year | 2014 |
| Acronym | EICAR 2014 |
| Project | |
| Publication URL | |
| Team members | |