Title :
Intrusion countermeasures security model based on prioritization scheme for intranet access security (emerging concepts category)
Author :
Gupta, Manish ; Banerjee, Shamik ; Rao, H.R. ; Upadhyaya, Shambhu
Author_Institution :
Sch. of Manage., State Univ. of New York, Buffalo, NY, USA
Abstract :
Access controls and perimeter defenses are essential parts of an enterprise's security armory. However, for a comprehensive intranet security strategy, such defenses alone may not be enough. An enterprise needs mechanisms to analyze alerts and detect real attacks, and policies on how to respond to attacks. A framework for effective response to detection of misuse or attack is a central theme. The focus is towards security of corporate intranets. We first discuss the access control models that are currently being deployed and used at most intranet solutions. Using role based access control as a base, we develop a framework of interaction of various entities in the model. We then propose a prioritization scheme based on cost of impact in case of misuse and business criticality of transactions. The scheme is developed based on categorization and prioritization of risk and vulnerability assessment results for an enterprise intranet. Alerts are a critical element of a real-time response, but how alert engines operate and filter tons of log data decides the effectiveness of such infrastructure. We propose incorporation of priority schemes into alert mechanisms to develop a more effective intrusion countermeasure against misuse and attack. It leverages the enterprise's investment in security technology to develop an optimized solution to respond to those attacks, by advising the enterprise's on-site administrators.
Keywords :
authorisation; business communication; computer crime; intranets; risk management; access control model; alert engines; alert mechanism; business transaction; corporate intranet; enterprise intranet; enterprise security; intranet access security; intrusion countermeasures; prioritization scheme; real-time response; risk assessment; role based access control; Access control; Authorization; Computer science; Costs; Data security; Filters; Information security; Investments; Search engines; USA Councils;
Conference_Title :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232418