Transparent?Compliance (TC)?

The technology infrastructure of an organisation is a complex set of multitudes of services interconnected with each other. This complexity is?then?translated?into security and privacy-preserving policies/services?for the organisation. Most of these services are configured and operate in silos, with little interconnectivity. This creates an enormous challenge for managing security and privacy practices -- from organisational policies and services to monitored activities. The challenges are to:

?a.integrate all security- and privacy-related services into a single portal,?

b.provide a real-time security and privacy visualisation and?

c.provide a transparent auditing and compliance assessment service that analyses the activities in an organisation?as a whole and?not as a subset of individual services such as firewalls or IDS logs/events.

Transparent Compliance will monitor security and privacy services in an organisation, integrating their monitoring logs and building a causality chain. The chain represents the sequences of inter-related events that might be temporally disjointed and allowed at the individual level but collectively might violate the security and privacy policies. The causality chain is analysed to verify an organisation's compliance with the required security and privacy preservation policies, thus providing a holistic, corporate-wide, real-time auditing and compliance assessment service.