The limits of traditional (static) policies are well known in many areas of computer science and information security and are extensively discussed in the literature. Although some flexibility has been achieved with the introduction of dynamic policies, these efforts have only addressed a fraction of the requirements necessary to secure today's enterprises. Currently, no feedback mechanisms are in place to evaluate the effectiveness or economic impacts of static or dynamic policy implementation. Here, we address the requirement for feedback and present a policy for the next generation. This is a policy that includes a dynamic feedback response to the effectiveness of changes. The structure of this new type of policy, called a ‘management system’, is borrowed from discrete event system theory and functions as a control loop. A management system consists of four elements (control system, sensor, controller, and actuator) that are involved in a control law. In this article, we also present an analytical description of the optimal structure through which the three management systems (Information Security Management System (ISMS), Business Continuity Management System, and IT Service Management) should be linked in a company. We define a coupling parameter and, using an equation for the discrete control loop, show that ISMS and IT Service Management should ideally be strongly coupled, and ISMS and Business Continuity Management System should be weakly coupled. Furthermore, two types of management system can be defined. A simple management system (1st order management system) responds to and regulates only perturbations. An advanced management system (2nd order management system) has an overarching target function that influences the controller. This target function is usually economically oriented. Copyright © 2011 John Wiley & Sons, Ltd.