DocumentCode :
2775477
Title :
A Methodology for Conversion of Enterprise-Level Information Security Policies to Implementation-Level Policies/Rule
Author :
Sengupta, Anirban ; Mazumdar, Chandan ; Bagchi, Aditya
Author_Institution :
Centre for Distrib. Comput., Jadavpur Univ., Kolkata, India
fYear :
2011
fDate :
19-20 Feb. 2011
Firstpage :
280
Lastpage :
283
Abstract :
An enterprise is considered as a collection of assets and their interrelationships. To ensure security, enterprise-level information security policies are specified. An information security procedure details the steps needed to implement a security policy. Implementation of security procedures needs a set of low-level (implementation-level) policies defining authorizations of subjects over objects. For a large enterprise, manual specification of low-level policies may lead to errors and conflicts. This study presents a methodology for the conversion of security procedures to low-level policies, the methodology also validates policies based on information security requirements of enterprises.
Keywords :
authorisation; business data processing; authorization; enterprise level information security policies; implementation level policies; low level policies; Authorization; Hardware; Information security; Software; Standards; Enterprise-level policy; Implementation-level policy; Information Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Emerging Applications of Information Technology (EAIT), 2011 Second International Conference on
Conference_Location :
Kolkata
Print_ISBN :
978-1-4244-9683-9
Type :
conf
DOI :
10.1109/EAIT.2011.87
Filename :
5734967
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2775477
بازگشت