A FRAMEWORK TO SUPPORT DECISIONS ON APPROPRIATE SECURITY MEASURES
Abstract

Security is the result of various decision processes on different organizational levels. While achieving an overall security level is a corporate-wide task, each corporate level has its own aspects, priorities, views, and interests, which can help and influence the decision process of the managers involved. The intention of this paper is to introduce a framework which suggests the kind of information needed on different management levels to prepare and coordinate high-quality security decisions. We focus on the choice, collection, and preparation of the relevant information as processes which can significantly influence a security decision. Furthermore, some tools and methods suitable for preparing and presenting this information are briefly discussed and compared. The usefulness of the proposed framework is demonstrated by the example of Network Security Management in an Open System.