{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:01:33Z","timestamp":1754157693253,"version":"3.41.2"},"reference-count":30,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2005,9,1]],"date-time":"2005-09-01T00:00:00Z","timestamp":1125532800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,9,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>One of the problems facing systems administrators and security auditors is that a security test\/audit can generate a vast quantity of information that needs to be stored, analysed and cross referenced for later use. The current state\u2010of\u2010the\u2010art in security audit tools does not allow for information from multiple different tools to be shared and integrated. This paper aims to develop an Extensible Markup Language (XML)\u2010based architecture that is capable of encoding information from a variety of disparate heterogeneous sources and then unifying and integrating them into a single SQL database schema.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>The paper demonstrates how, through the application of the architecture, large quantities of security related information can be captured within a single database schema. This database can then be used to ensure that systems are conforming to an organisation's network security policy.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>This type of data integration and data unification within a vulnerability assessment\/security audit is currently not possible; this leads to confusion and omissions in the security audit process.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper develops a data integration and unification architecture that will allow data from multiple vulnerability assessment tools to be integrated into a single unified picture of the security state of a network of interconnected computer systems.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220510614399","type":"journal-article","created":{"date-parts":[[2005,8,31]],"date-time":"2005-08-31T20:09:33Z","timestamp":1125518973000},"page":"260-273","source":"Crossref","is-referenced-by-count":0,"title":["An XML\u2010based architecture for data integration in vulnerability assessments"],"prefix":"10.1108","volume":"13","author":[{"given":"Andrew","family":"Blyth","sequence":"first","affiliation":[]},{"given":"Paula","family":"Thomas","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"unstructured":"Albitz, P. and Liu, C. (1998), DNS and BIND, 3rd ed., O'Reilly, Sebastopol, CA.","key":"key2021010620432684600_b1"},{"unstructured":"Bainbridge, D. (2004), Introduction to Computer Law, Longman, Harlow.","key":"key2021010620432684600_b2"},{"doi-asserted-by":"crossref","unstructured":"Blyth, A.J.C. and Kovacich, G.L. (2001), Information Assurance: Surviving in the Information Environment, Springer\u2010Verlag, New York, NY.","key":"key2021010620432684600_b3","DOI":"10.1007\/978-1-4471-3706-1_1"},{"unstructured":"Carroll, J.M. (1996), Computer Security, 3rd ed., Butterworth\u2010Heinemann, Stoneham, MA.","key":"key2021010620432684600_b5"},{"unstructured":"Comer, D. (2000), Internetworking with TCP\/IP: Principles, Protocols and Architectures, 4th ed., Vol. 1, Prentice\u2010Hall, Englewood Cliffs, NJ.","key":"key2021010620432684600_b6"},{"unstructured":"Dodwell, B. (1997), \u201cManaging information security \u2013 achieving BS7799\u201d, Financial Times Management Briefings, Financial Times, Prentice\u2010Hall, Englewood Cliffs, NJ.","key":"key2021010620432684600_b7"},{"doi-asserted-by":"crossref","unstructured":"Furnell, S.M., Chiliarchaki, P. and Dowland, P.S. (2002), \u201cSecurity analyzers: administrator assistants or hacker helpers?\u201d, Journal of Information Management & Computer Security, Vol. 9 No. 2.","key":"key2021010620432684600_b8","DOI":"10.1108\/09685220110388872"},{"doi-asserted-by":"crossref","unstructured":"Grosof, B.N., Labrou, Y. and Chan, H.Y. (1999), \u201cA declarative approach to business rules in contracts: courteous logic programs in XML\u201d, Proceedings of the First ACM Conference on Electronic Commerce, ACM Press, New York, NY.","key":"key2021010620432684600_b9","DOI":"10.1145\/336992.337010"},{"doi-asserted-by":"crossref","unstructured":"Gunara\u2010Chen, G. (2003), \u201cThe art of intrusion testing\u201d, Information Security Technical Report, Vol. 8 No. 4, Elsevier.","key":"key2021010620432684600_b10","DOI":"10.1016\/S1363-4127(03)00002-5"},{"unstructured":"Hallam\u2010Baker, P. (Ed.) (2003), \u201cXML key management specification (XKMS)\u201d, W3C working draft, available at: www.w3.org\/TR\/xkms2.","key":"key2021010620432684600_b11"},{"doi-asserted-by":"crossref","unstructured":"Han, R., Perret, V. and Naghshineh, M. (2000), \u201cWebSplitter: a unified XML framework for multi\u2010device collaborative web browsing\u201d, Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work, ACM Press, New York, NY.","key":"key2021010620432684600_b12","DOI":"10.1145\/358916.358993"},{"doi-asserted-by":"crossref","unstructured":"Helms, M.M., Ettkin, L.P. and Morris, D.J. (2002), \u201cShielding your company against information compromise\u201d, Journal of Information Management & Computer Security, Vol. 8 No. 3.","key":"key2021010620432684600_b13","DOI":"10.1108\/09685220010339228"},{"unstructured":"Herog, P. (2000), Open\u2010Source Security Testing Methodology Manual, Version 2.0, available at: www.isecom.org\/projects\/osstmm.htm.","key":"key2021010620432684600_b14"},{"unstructured":"Imamura, T., Dillaway, B. and Simom, E. (2002), \u201cXML encryption syntax and processing\u201d, W3C recommendation, available at: www.w3.org\/TR\/xmlenc\u2010core\/.","key":"key2021010620432684600_b15"},{"unstructured":"Jones, A. and Sutherland, I. (2003), \u201cThreats to information systems and the way we deal with them\u201d, Information Security Bulletin, Vol. 8 No. 4, pp. 143\u201055.","key":"key2021010620432684600_b16"},{"unstructured":"Le Hors, A., Le H\u00e9garet, P., Wood, L., Nicol, G., Robie, J., Champion, M. and Byrne, S. (2000), \u201cDocument object model (DOM) level 2 core specification\u201d, Version 1.0, W3C recommendation, available at: www.w3.org\/TR\/DOM\u2010Level\u20102\u2010Core.","key":"key2021010620432684600_b17"},{"doi-asserted-by":"crossref","unstructured":"Lim, B.B.L. and Wen, H.J. (2002), \u201cThe impact of next generation XML\u201d, Journal of Information Management & Computer Security, Vol. 10 No. 1.","key":"key2021010620432684600_b18","DOI":"10.1108\/09685220210417490"},{"unstructured":"Lutz, M. (2001), Programming Python, 2nd ed., O'Reilly, Sebastopol, CA.","key":"key2021010620432684600_b19"},{"unstructured":"McClue, S., Scambray, J. and Kurtz, G. (2003), Hacking Exposed, Osborne.","key":"key2021010620432684600_b20"},{"doi-asserted-by":"crossref","unstructured":"Midian, P. (2003), \u201cHow to ensure an effective penetration test\u201d, Information Security Technical Report, Vol. 8 No. 4.","key":"key2021010620432684600_b21","DOI":"10.1016\/S1363-4127(03)00008-6"},{"doi-asserted-by":"crossref","unstructured":"Millerhaug, S. (2003), \u201cUseful vulnerability assessment\u201d, Information Security Technical Report, Vol. 8 No. 4.","key":"key2021010620432684600_b22","DOI":"10.1016\/S1363-4127(03)00009-8"},{"unstructured":"Pfleeger, C.P. and Pfleeger, S.L. (2003), Security in Computing, 3rd ed., Prentice\u2010Hall, Englewood Cliffs, NJ.","key":"key2021010620432684600_b23"},{"doi-asserted-by":"crossref","unstructured":"Stonebraker, M., Joseph, M. and Hellerstein, J.M. (2001), \u201cContent integration for e\u2010business\u201d, Proceedings of the 2001 ACM SIGMOD International Conference on Management of Data, ACM Press, New York, NY.","key":"key2021010620432684600_b24","DOI":"10.1145\/375663.375739"},{"unstructured":"Symantec (2003), Symantec Internet Security Threat Report, Vol. V, Symantec, Cupertino, CA, published March 2004.","key":"key2021010620432684600_b25"},{"doi-asserted-by":"crossref","unstructured":"Turau, V. (2002), \u201cWeb and e\u2010business application: a framework for automatic generation of web\u2010based data entry applications based on XML\u201d, Proceedings of 2002 ACM Symposium on Applied Computing, ACM Press, New York, NY.","key":"key2021010620432684600_b26","DOI":"10.1145\/508791.509011"},{"doi-asserted-by":"crossref","unstructured":"Xenitellis, S.D. (2003), \u201cIdentifying security vulnerabilities through input flow tracing and analysis\u201d, Journal of Information Management & Computer Security, Vol. 11 No. 4.","key":"key2021010620432684600_b28","DOI":"10.1108\/09685220310489562"},{"doi-asserted-by":"crossref","unstructured":"Yang, C., Chang, N. and Zhang, C.N. (2003), \u201cAn XML\u2010based administration method on role\u2010based access control in the enterprise environment\u201d, Journal of Information Management & Computer Security, Vol. 11 No. 5.","key":"key2021010620432684600_b29","DOI":"10.1108\/09685220310500162"},{"unstructured":"Yang, J., van den Heuvel, W.J. and Papazoglou, M.P. (2001), \u201cService deployment for virtual enterprises\u201d, Australian Computer Science Communications, Proceedings of the Workshop on Information Technology for Virtual Enterprises, ACM Press, New York, NY.","key":"key2021010620432684600_b30"},{"unstructured":"Bray, T., Paoli, J., Sperberg\u2010McQueen, C.M. and Maler, E. (Eds) (2000), \u201cExtensible markup language (XML) 1.0 (second edition)\u201d, W3C Recommendation, available at: www.w3.org\/TR\/REC\u2010xml.","key":"key2021010620432684600_frd1"},{"doi-asserted-by":"crossref","unstructured":"Stonebraker, M. and Hellerstein, J.M. (2001), \u201cContent integration for e\u2010business\u201d, Proceedings of the 2001 ACM SIGMOD International Conference on Management of Data, ACM Press, New York, NY.","key":"key2021010620432684600_frd2","DOI":"10.1145\/375663.375739"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220510614399","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510614399\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220510614399\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:54Z","timestamp":1753402134000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/13\/4\/260-273\/171339"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,9,1]]},"references-count":30,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2005,9,1]]}},"alternative-id":["10.1108\/09685220510614399"],"URL":"https:\/\/doi.org\/10.1108\/09685220510614399","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2005,9,1]]}}}