Information Security: An Integrated Collection of Essays
Information Security: An Integrated Collection of Essays
Formal Techniques for an ITSEC-E4 Secure Gateway
ACSAC '96 Proceedings of the 12th Annual Computer Security Applications Conference
Security Objectives within a Security Testing Case Study
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
A study on X party material flow: the theory and applications
Enterprise Information Systems
Electronic marketplace definition and classification: literature review and clarifications
Enterprise Information Systems
Performance evaluation for a transportation system in stochastic case
Computers and Operations Research
Optimizing airline passenger prescreening systems with Bayesian decision models
Computers and Operations Research
Hi-index | 0.00 |
In recent years, information systems in telecommunication enterprises have been characterised by boundary expansion and increase of departmental-level applications. These changes increase the complexity of security evaluation and pose new challenges to enterprises' information security. Taking into account the behaviour characters of system users, we put forward a system security evaluation approach based on access paths. This approach can help evaluators and users find out potential security risks without figuring out the boundary of systems explicitly. It has no special requirements for system scale and can be used in the evaluation of enterprise-level and departmental-level systems. This paper also presents the formal definition of access path and related evaluation rules.