Author_Institution :
Trusted Inf. Syst. Inc., Glenwood, MD, USA
Abstract :
It is pointed out that, although the term 'security policy' is fundamental to computer security, its conflicting meanings have obscured important conceptual distinctions, especially where concerns other than confidentiality are involved. A clearer definition is needed to clarify routine technical discourse, facilitate resolution of key research issues, and establish the scope of security research and standardization efforts. The terms security policy objective, organization security policy, and automated security policy are proposed. These terms are based on simple generalizations of ideas that underlie the trusted computer system evaluation criteria (TCSEC). Yet, they describe a view of security that is more precise, more general, and different than 'confidentiality, integrity, and assured service'. Their usefulness in clarifying conceptual and terminological issues is illustrated through examples.
Keywords :
computer evaluation; security of data; software reliability; standards; TCSEC; computer security; security policy; standardization; trusted computer system evaluation criteria; Availability; Computer security; Humans; Information security; Information systems; Reliability engineering; Software engineering; Software safety; Systems engineering and theory; Terminology;