Representation of security policy for a telecommunications application

Author

Dobson, John ; Martin, Mike

Author_Institution

Newcastle upon Tyne Univ., UK

fYear

1992

fDate

1992

Firstpage

87

Lastpage

92

Abstract

A discussion is given on the nature of a security policy and a distinction is made between the concepts of an organisational security policy and an automated security policy. An organisational security policy is the set of laws, rules and practices that regulate how an organisation manages, protects, and distributes resources in order to achieve specified security objectives. An automated security policy is the set of restrictions and properties that specify how a computing system prevents information and computing resources from being (mis)used to violate an organisational security policy. The authors show how to represent organisational policies in terms of an enterprise model, and how restrictions and properties of the automated policy play a key role in the enforcement of the organisational policy. They also present an example showing how these ideas are applied to security policy issues surrounding the automation of an authorisation function for a telecommunications application

Keywords

DP management; security of data; telecommunication systems; telecommunications computing; authorisation function; automated security policy; computing resources; computing system; enterprise model; laws; organisational security policy; restrictions; rules; security policy issues; specified security objectives; telecommunications application;

fLanguage

English

Publisher

iet

Conference_Titel

Software Engineering for Telecommunication Systems and Services, 1992., Eighth International Conference on

Conference_Location

Florence

Print_ISBN

0-85296-542-7

Type

conf

Filename

145601