• DocumentCode
    2775477
  • Title

    A Methodology for Conversion of Enterprise-Level Information Security Policies to Implementation-Level Policies/Rule

  • Author

    Sengupta, Anirban ; Mazumdar, Chandan ; Bagchi, Aditya

  • Author_Institution
    Centre for Distrib. Comput., Jadavpur Univ., Kolkata, India
  • fYear
    2011
  • fDate
    19-20 Feb. 2011
  • Firstpage
    280
  • Lastpage
    283
  • Abstract
    An enterprise is considered as a collection of assets and their interrelationships. To ensure security, enterprise-level information security policies are specified. An information security procedure details the steps needed to implement a security policy. Implementation of security procedures needs a set of low-level (implementation-level) policies defining authorizations of subjects over objects. For a large enterprise, manual specification of low-level policies may lead to errors and conflicts. This study presents a methodology for the conversion of security procedures to low-level policies, the methodology also validates policies based on information security requirements of enterprises.
  • Keywords
    authorisation; business data processing; authorization; enterprise level information security policies; implementation level policies; low level policies; Authorization; Hardware; Information security; Software; Standards; Enterprise-level policy; Implementation-level policy; Information Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Emerging Applications of Information Technology (EAIT), 2011 Second International Conference on
  • Conference_Location
    Kolkata
  • Print_ISBN
    978-1-4244-9683-9
  • Type

    conf

  • DOI
    10.1109/EAIT.2011.87
  • Filename
    5734967
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2775477