Event-driven rules for sensing and responding to business situations
Proceedings of the 2007 inaugural international conference on Distributed event-based systems
A taxonomy of intrusion response systems
International Journal of Information and Computer Security
Ontology-based generation of IT-security metrics
Proceedings of the 2010 ACM Symposium on Applied Computing
A frame of reference for research of integrated governance, risk and compliance (GRC)
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Goal-Based Policies for Self-Protecting Systems
AINA '12 Proceedings of the 2012 IEEE 26th International Conference on Advanced Information Networking and Applications
Model-Based security event management
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
| Hi-index | 0.00 |
The use of formal models to guide security design is appealing. This paper presents a model driven approach whereby security systems in operation can be assessed and measured against various requirements that are defined when the system is created. By aligning with organisational policy, and business requirements of a specific system, design and operation can proceed in a way that allows measurement of how successfully security objectives are being achieved. This paper describes a model driven approach which overcomes the contextual restrictions of existing solutions. In particular, where models have been used previously these have tended to be predefined and closed models, whereas the approach described here is an extensible model that comprises all parts of the security monitoring and decision support process. By means of interlinked semantic concepts, the proposed security strategy meta model provides a way to model security directives at an abstract level, which can be automatically compiled into specific rules for an underlying framework of monitoring, decision support, and enforcement engines.