Information technology (IT) has become a critical functionality for business today. Choosing the appropriate network security that will protect IT functions and meet business needs can be a bewildering but necessary process. The problem is deciding what and how much to do. The objective of this paper is to propose a new process that will facilitate the mapping of network security to the business's priorities using well-known classification schemes and decision support systems. Establishing a relationship between such diverse functions requires that the two areas be described in terms that can be related. Network security is described in terms of services and mechanisms that provide the functionality, using the Open System Interconnection (OSI) Security Architecture classification. Business value and activities are described using Michael Porter's business value chain. First, the classification schemes for each area are subjectively related to establish an initial functionality/business value relationship. Second, a decision support tool called the analytic hierarchy process (AHP) is used to establish an analytical and more objective relationship between the two classification schemes. The result of this work is a prioritized list of security services that is related to business needs instead of being driven only by technological criteria. An example that illustrates this concept is described in the paper. To the best of the authors' knowledge, this is the first application of AHP to the decision-making process of choosing network security in relation to business needs.