Enterprise Information System Security: A Life-Cycle Approach

There has been an unprecedented thrust in employing computer and communication technologies in all walks of life. Systems enabled by information technology are becoming more and more complex, resulting in various threats and vulnerabilities. Security properties such as confidentiality, integrity, and availability are becoming more and more difficult to protect. In this chapter, a life-cycle approach to achieving and maintaining the security of enterprises is proposed. First, enterprise information systems are looked at in detail. Then, the need for enterprise information system security and the problems associated with security implementation are discussed. The authors consider enterprise information system security a management issue and detail the information security parameters. Finally, the proposed security engineering life-cycle is described in detail; it includes the Security Requirement Analysis, Security Policy Formulation, Security Infrastructure Advisory Generation, Security Testing and Validation, and Review and Monitoring phases.
