Title :
Enforceability vs. accountability in electronic policies
Author :
Breaux, Travis D. ; Antón, Annie I. ; Karat, Clare-Marie ; Karat, John
Author_Institution :
North Carolina State Univ., Raleigh, NC
Abstract :
Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance.
Keywords :
law; security of data; software standards; accountable policies; electronic policies; enforceable policies; information resources; laws; organizational security policies; policy models; requirements complexity; software system regulations; software system security; software system standards; Computer security; ISO standards; Information security; Law; NIST; Personnel; Protection; Software standards; Software systems; Standards organizations;
Conference_Title :
Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on
Conference_Location :
London, Ont.
Print_ISBN :
0-7695-2598-9
DOI :
10.1109/POLICY.2006.18