Security Policy Specification

Policy-based management of information systems enables the specification of high-level policies which need to be refined into lower level configurations suitable to be directly applied to services and final devices in order to achieve the high-level behavior previous specified. This chapter presents a proposal for describing high-level security policies and for carrying out the policy refinement process for which low level policies and configurations are achieved. Firstly, an analysis of different research works related to the specification of security policy is provided. Then, a detailed description of the information model used for describing the information systems and the policies is described. After that, the language designed for specifying high level security policies is explained as well as the low level language based on the Common Information Model. Finally, some aspect about the policy refinement process done in the policy-based system in order to achieve low-level policies from the high-level security policies is outlined together with a description of the tools which can assist in the definition of the security policies and in the process refinement process.

Download Full-text

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

Journal of Electrical Engineering ◽

10.2478/v10187-010-0003-x ◽

2010 ◽

Vol 61 (1) ◽

pp. 20-28 ◽

Cited By ~ 2

Author(s):

Ahmed Hassan ◽

Waleed Bahgat

Keyword(s):

Network Security ◽

Access Control ◽

Security Policy ◽

Security Policies ◽

Second Phase ◽

Security Model ◽

Intermediate Model ◽

Low Level ◽

Proposed Model ◽

High Level

A Framework for Translating a High Level Security Policy into Low Level Security MechanismsSecurity policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Download Full-text

Security Policy Refinement: High-Level Specification to Low-Level Implementation

2013 International Conference on Social Computing ◽

10.1109/socialcom.2013.77 ◽

2013 ◽

Author(s):

Xia Yang ◽

Jim Alves-Foss

Keyword(s):

Security Policy ◽

Low Level ◽

Policy Refinement ◽

High Level

Download Full-text

Security Policies and Procedures

Strategic Information Systems ◽

10.4018/978-1-60566-677-8.ch149 ◽

2011 ◽

pp. 2352-2364

Author(s):

Yvette Ghormley

Keyword(s):

Information Systems ◽

Security Policy ◽

Security Policies ◽

Human Element ◽

Weakest Link ◽

Adoption And Implementation ◽

Policies And Procedures ◽

Management Commitment ◽

Physical Assets ◽

And Training

The number and severity of attacks on computer and information systems in the last two decades has steadily risen and mandates the use of security policies by organizations to protect digital as well as physical assets. Although the adoption and implementation of such policies still falls far short, progress is being made. Issues of management commitment, flexibility, structural informality, training, and compliance are among the obstacles that currently hinder greater and more comprehensive coverage for businesses. As security awareness and security-conscious cultures continue to grow, it is likely that research into better methodologies will increase with concomitant efficiency of security policy creation and implementation. However, attacks are becoming increasingly more sophisticated. While the human element is often the weakest link in security, much can be done to mitigate this problem provided security policies are kept focused and properly disseminated, and training and enforcement are applied.

Download Full-text

A framework for translating a high level security policy into low level security mechanisms

2009 IEEE/ACS International Conference on Computer Systems and Applications ◽

10.1109/aiccsa.2009.5069371 ◽

2009 ◽

Cited By ~ 5

Author(s):

Ahmad A. Hassan ◽

Waleed M. Bahgat

Keyword(s):

Security Policy ◽

Low Level ◽

High Level

Download Full-text

Preparing for Cyber Threats with Information Security Policies

International Journal of Cyber Warfare and Terrorism ◽

10.4018/ijcwt.2013100103 ◽

2013 ◽

Vol 3 (4) ◽

pp. 22-31

Author(s):

Ilona Ilvonen ◽

Pasi Virtanen

Keyword(s):

Information Systems ◽

Information Security ◽

Literature Review ◽

Scenario Analysis ◽

Security Policy ◽

Potential Effect ◽

Security Policies ◽

The Internet ◽

Cyber Threats

Contemporary organisations in any industry are increasingly dependent on information systems. Today most organisations are online all the time, and their internal systems are used in environments that are already or easily connected to the internet. The paper analyses cyber threats and their potential effect on the operations of different organisations with the use of scenario analysis. The scenarios are built based on a literature review. One outcome of the analysis is that to an organisation it is irrelevant where a cyber threat originates from and who it is targeted for. If the threat is specifically targeted to the organisation or if the threat is collateral in nature is not important; preparing for the threat is important in both cases. The paper discusses the pressures that the cyber threats pose to information security policies, and what the role of the information security policy could be in preparing for the threats.

Download Full-text

Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

Journal of Network and Systems Management ◽

10.1007/s10922-007-9063-z ◽

2007 ◽

Vol 15 (2) ◽

pp. 241-266 ◽

Cited By ~ 7

Author(s):

Romain Laborde ◽

Michel Kamel ◽

François Barrère ◽

Abdelmalek Benzekri

Keyword(s):

Security Policy ◽

Refinement Process ◽

Policy Refinement

Download Full-text

Security Policies and Procedures

Handbook of Research on Information Security and Assurance ◽

10.4018/978-1-59904-855-0.ch027 ◽

2009 ◽

pp. 320-330

Author(s):

Yvette Ghormley

Keyword(s):

Information Systems ◽

Security Policy ◽

Security Policies ◽

Human Element ◽

Weakest Link ◽

Adoption And Implementation ◽

Policies And Procedures ◽

Management Commitment ◽

Physical Assets ◽

And Training

Download Full-text

A Framework for ICT Security Policy Management

Advances in IT Standards and Standardization Research - Frameworks for ICT Policy ◽

10.4018/978-1-61692-012-8.ch001 ◽

2010 ◽

pp. 1-14 ◽

Cited By ~ 3

Author(s):

Sitalakshmi Venkatraman

Keyword(s):

Information And Communication Technologies ◽

Security Policy ◽

Security Policies ◽

Policy Management ◽

Business Operations ◽

Information And Communication ◽

Policy Alignment ◽

Ict Infrastructure ◽

High Level ◽

Ict Security

Organisations around the world are increasingly relying on the potential of information and communication technologies (ICTs) for their business operations as well as competitiveness. Huge amounts of money and time are invested on ICT infrastructure as there exists a high level of business dependency on ICT. Hence, protecting the ICT resources using effective security policies is of utmost importance for the sustenance of organisations. With the recent exponential rise in ICT security threats witnessed worldwide, governments and businesses are trying to successfully develop ICT security policies for their internal and external operations. While ICT security best practices are quite similar globally, ICT security policy management is very much localised and specific to different business scenarios and applications. Moreover, ICT security policies in an organization keep evolving from time to time and more recently changes take place at a much faster pace. This situation warrants a pragmatic framework for the development and management of ICT security policies in an organisation. Much research has focused on formulating frameworks for ICT management in general and there is a paucity of guidelines in literature for ICT security policy management, in particular. This chapter explores ICT security management issues faced in different environments and proposes an integrated framework for managing ICT security policies in an iterative manner. The framework provides the flexibility and adaptability for different organisations to follow the guidelines effectively as it emphasises on policy alignment with business objectives. Since the framework underpins the continuous improvement philosophy, it caters to ICT security policy reform and implementations for the future as well.

Download Full-text

Modeling and design of role engineering in development of access control for dynamic information systems

Bulletin of the Polish Academy of Sciences Technical Sciences ◽

10.2478/bpasts-2013-0058 ◽

2013 ◽

Vol 61 (3) ◽

pp. 569-579 ◽

Cited By ~ 2

Author(s):

A. Poniszewska-Marańda

Keyword(s):

Information Systems ◽

Dynamic Information ◽

Minimal Set ◽

Distributed Information ◽

Heterogeneous Information ◽

System Protection ◽

Level Model ◽

Model Independent ◽

Role Concept ◽

High Level

Abstract Nowadays, the growth and complexity of functionalities of current information systems, especially dynamic, distributed and heterogeneous information systems, makes the design and creation of such systems a difficult task and at the same time, strategic for businesses. A very important stage of data protection in an information system is the creation of a high level model, independent of the software, satisfying the needs of system protection and security. The process of role engineering, i.e. the identification of roles and setting up in an organization is a complex task. The paper presents the modeling and design stages in the process of role engineering in the aspect of security schema development for information systems, in particular for dynamic, distributed information systems, based on the role concept and the usage concept. Such a schema is created first of all during the design phase of a system. Two actors should cooperate with each other in this creation process, the application developer and the security administrator, to determine the minimal set of user’s roles in agreement with the security constraints that guarantee the global security coherence of the system.

Download Full-text

Teknik Data Mining Dalam Clustering Produksi Susu Segar Di Indonesia Dengan Algoritma K-Means

BRAHMANA: Jurnal Penerapan Kecerdasan Buatan ◽

10.30645/brahmana.v1i1.5 ◽

2019 ◽

Vol 1 (1) ◽

pp. 31-39

Author(s):

Ilham Safitra Damanik ◽

Sundari Retno Andani ◽

Dedi Sehendro

Keyword(s):

Data Mining ◽

Milk Production ◽

Clustering Algorithm ◽

Clustering Method ◽

Data Mining Techniques ◽

Low Level ◽

Fresh Milk ◽

Nutritional Needs ◽

High Level ◽

Level Cluster

Milk is an important intake to meet nutritional needs. Both consumed by children, and adults. Indonesia has many producers of fresh milk, but it is not sufficient for national milk needs. Data mining is a science in the field of computers that is widely used in research. one of the data mining techniques is Clustering. Clustering is a method by grouping data. The Clustering method will be more optimal if you use a lot of data. Data to be used are provincial data in Indonesia from 2000 to 2017 obtained from the Central Statistics Agency. The results of this study are in Clusters based on 2 milk-producing groups, namely high-dairy producers and low-milk producing regions. From 27 data on fresh milk production in Indonesia, two high-level provinces can be obtained, namely: West Java and East Java. And 25 others were added in 7 provinces which did not follow the calculation of the K-Means Clustering Algorithm, including in the low level cluster.

Download Full-text