Methods and tools for the development of information security policy — A comparative literature review

Information security policy is primarily determined by the environment in which various kinds of information are used and communicated. The growing complexity of the security environment calls for appropriate methods and tools to support the processes of planning, implementing, and enforcing information security policy. A comparative review of the available literature is used to analyze the state of development in this field. On that basis, some observations and a priori hypotheses are given. These hypotheses are then thoroughly checked through a more detailed analysis of the selected scientific papers. The goal is to determine the actual state and trends in the field of methods and tools that support the processes of planning, implementing, and enforcing information security policy.