A Web-Enabled Enterprise Security Management Framework Based on a Unified Model of Enterprise Information System Security

This paper presents an ongoing research project that is a sequel to earlier work on the development of an Enterprise Information Security Management (EISM) Tool Suite for different stages of the Security Engineering Life Cycle, such as Requirement and Risk Analysis, Policy Development, Infrastructure Advisory Generation, and Testing. The present project attempts to develop a set of web-based information security management services using web-service technologies. The study also aims to develop a unified formal model of Enterprise Information System Security and suitable metrics for its measurement.
