A Methodology for Conversion of Enterprise-Level Information Security Policies to Implementation-Level Policies/Rule

  • Authors: Anirban Sengupta; Chandan Mazumdar; Aditya Bagchi

  • Venue: EAIT '11 Proceedings of the 2011 Second International Conference on Emerging Applications of Information Technology
  • Year: 2011

Abstract

An enterprise is considered as a collection of assets and their interrelationships. To ensure security, enterprise-level information security policies are specified. An information security procedure details the steps needed to implement a security policy. Implementation of security procedures needs a set of low-level (implementation-level) policies defining authorizations of subjects over objects. For a large enterprise, manual specification of low-level policies may lead to errors and conflicts. This study presents a methodology for the conversion of security procedures to low-level policies; the methodology also validates policies based on the information security requirements of enterprises.