Title: VoIP security auditing model based on COBIT 4.1

Authors: Oscar Danilo Gavilánez Alvarez; Glen Dario Rodriguez Rafael

Addresses: Facultad de Ingeniería de Sistemas e Informática, Universidad Nacional Mayor de San Marcos, Lima, Peru ' Facultad de Ingeniería de Sistemas e Informática, Universidad Nacional Mayor de San Marcos, Lima, Peru

Abstract: The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbach's alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP security auditing model, called VoIPSAM, considers four domains – plan and organise, acquire and implement, delivery and support. and monitor and evaluate – which consider specific security policies for its application.

Keywords: model of security auditing; social engineering; security culture plan; VoIP; COBIT.

DOI: 10.1504/IJSN.2022.123293

International Journal of Security and Networks, 2022 Vol.17 No.2, pp.63 - 76

Received: 06 Jan 2020
Accepted: 05 Feb 2021
Published online: 08 Jun 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article