New ESVIT Software for IT Security Policy Verification in Production Systems
DOI:
https://doi.org/10.61467/2007.1558.2025.v16i3.869Keywords:
IT security policy, expert system, VPD methodAbstract
Computer security policies are relatively new to many organisations, particularly regarding their Information Security Management Systems (ISMS). Although their conceptual origins date back to the 1980s, verifying these policies computationally remains a significant challenge. This research proposes a new tool for the verification of ISMS policies based on the VPD methodology. This methodology assesses information security policies and their compliance with ISMS by comparing the set of directive policies (M1) with the implemented policies (M2). The case study presented in this paper involves the M2 policies implemented in the security system of the Mayor’s Office in the municipality of Funza, Cundinamarca. These are based on established standards, such as ISO 27001, ITIL best practice libraries, the OISM3 guidelines, and Colombian government regulations—particularly those aligned with standards set by the Ministry of Information and Communication Technologies (MINTIC). The main contribution of this research is the development of ESVIT, an expert system built upon the VPD methodology to support the evaluation of policies in both public and private sector entities.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 International Journal of Combinatorial Optimization Problems and Informatics
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
