（2005）A Generic Model and Architecture for Automated Auditing.pdfVIP

A Generic Model and Architecture for Automated Auditing 1 1,2 Hasan , Burkhard Stiller 1 Computer Engineering and Networks Laboratory TIK, ETH Zürich, Switzerland {hasan, stiller}@tik.ee.ethz.ch 2 Computer Science Department IFI, University of Zürich, Switzerland stiller@ifi.unizh.ch Abstract. Research has been performed in areas of auditing, a.o. security audit- ing, compliance auditing, financial auditing. In order to increase the efficiency of and to allow for continuous auditing, auditing tasks must be automated, which is only possible if audit data are available digitally and suitable algorithms exist. Different areas of auditing follow different objectives, thus require different de- tailed tasks to be performed, yet they share a common auditing model. This is based on the consideration that in general auditing deals with the evaluation or examination of facts against a set of compliance specifications. The objective of this paper is to develop a generic model and architecture for automated auditing, thus providing the basis for the development of auditing work for specific appli- cations. To show its general applicability, the proposed model is applied to dif- ferent areas including Service Level Agreement (SLA) compliance verification and Intrusion Detection Systems. A full-fledged example is discussed showing in detail how the generic architecture is applied to the SLA compliance verification. 1 Introduction Auditing is a widely applied concept for investigating the adequacy of a system against a set of requirements. Traditional areas of auditing comprise amongst others financial audits, c