The Design and Implementation of an Automated Security
Compliance Toolkit: A Pedagogical Exercise
Guillermo Francia III
gfrancia@jsu.edu
Computer Security and Forensics Laboratory
Jacksonville State University, Jacksonville, AL USA
Brian Estes
bestes83@gmail.com
Rahjima Francia
jima.francia@gmail.com
Vu Nguyen
tienvunguyen@yahoo.com
Alex Scroggins
alex_scroggins@yahoo.com
ABSTRACT
The demand, through government regulations, for the preservation
of the security, integrity, and privacy of corporate and customer
information is increasing at an unprecedented pace. Government
and private entities struggle to comply with these regulations
through various means, using both automated and manual controls.
This paper presents an automated security compliance toolkit that
is designed and developed using mostly open source tools to
demonstrate that 1) meeting regulatory compliance does not need
to be a very expensive proposition and 2) an undertaking of this
magnitude could serve as a pedagogical exercise for students in
the areas of collaboration, project management, software
engineering, information assurance, and regulatory compliance.
Keywords: Information Security,
Compliance Toolkit, Forensics, Log Management, Intrusion
Detection, Vulnerability Assessment, Sarbanes-Oxley, HIPAA,
FISMA, GLBA.