• DocumentCode
    3451534
  • Title

    A formal methodology for detection of vulnerabilities in an enterprise information system

  • Author

    Sengupta, Anirban ; Mazumdar, Chandan ; Bagchi, Aditya

  • Author_Institution
    Centre for Distrib. Comput., Jadavpur Univ., Kolkata, India
  • fYear
    2009
  • fDate
    19-22 Oct. 2009
  • Firstpage
    74
  • Lastpage
    81
  • Abstract
    From an information security point of view, an enterprise is considered as a collection of assets and their interrelations. These interrelations may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or installation of software or information assets in hardware. As a result, access to one element may enable access to another if they are connected. An enterprise may specify conditions on the access of certain assets in certain modes (read, write, etc.) as policies. The interconnection of assets, along with specified policies, may lead to managerial vulnerabilities in the enterprise information system. These vulnerabilities, if exploited by threats, may cause disruption to the normal functioning of information systems. This paper presents a formal method for detection of managerial vulnerabilities of enterprise information systems in linear time.
  • Keywords
    management information systems; security of data; enterprise information system; information security; managerial vulnerability detection; Asset management; Computer architecture; Distributed computing; Hardware; Information security; Information systems; Management information systems; NIST; Protection; Safety;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
  • Conference_Location
    Toulouse
  • ISSN
    2151-4763
  • Print_ISBN
    978-1-4244-4498-4
  • Electronic_ISBN
    2151-4763
  • Type

    conf

  • DOI
    10.1109/CRISIS.2009.5411976
  • Filename
    5411976