A process model design and tool support for information assets access control using security patterns

Author

Ratchakom, Mathaya ; Prompoon, Nakomthip

Author_Institution

Dept. of Comput. Eng., Chulalongkorn Univ., Bangkok, Thailand

fYear

2011

fDate

11-13 May 2011

Firstpage

307

Lastpage

312

Abstract

Information assets such as customer information, business transaction, and contract transaction data are important for the organization as these assets affect business value and operation. Therefore, to manage information assets, the organization needs to establish the security system, one of the non-functional requirements, to control the resource accessibility. The security patterns provide practices for formal security process establishment which could be applied to assets access control. However, the security patterns explanations are specific but an applying has to define process operation in details. This research proposes a design of process model for Information Assets Access Control (IAAC) using security patterns. In addition, the proposed process model also uses ISO/IEC 27001:2005 and ISO/IEC 27002:2005 as a fundamental framework. The supporting templates are also designed to support the proposed process model.

Keywords

IEC standards; ISO standards; authorisation; business data processing; ISO/IEC 27001:2005; ISO/IEC 27002:2005; business transaction; contract transaction data; formal security process establishment; information asset management; information assets access control; process model design; resource accessibility control; security pattern; security system; tool support; Access Control; Information Asset; Process Model Design; Security Patters;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Software Engineering (JCSSE), 2011 Eighth International Joint Conference on

Conference_Location

Nakhon Pathom

Print_ISBN

978-1-4577-0686-8

Type

conf

DOI

10.1109/JCSSE.2011.5930139

Filename

5930139