Conference Proceedings

A methodology for conversion of enterprise-level information security policies to implementation-level policies/rule

Proceedings - 2nd International Conference on Emerging Applications of Information Technology, EAIT 2011 (2011) 280-283
DOI: 10.1109/EAIT.2011.87
3Citations
Citations of this article
21Readers
Mendeley users who have this article in their library.
Get full text

Abstract

An enterprise is considered as a collection of assets and their interrelationships. To ensure security, enterprise-level information security policies are specified. An information security procedure details the steps needed to implement a security policy. Implementation of security procedures needs a set of low-level (implementation-level) policies defining authorizations of subjects over objects. For a large enterprise, manual specification of low-level policies may lead to errors and conflicts. This study presents a methodology for the conversion of security procedures to low-level policies; the methodology also validates policies based on information security requirements of enterprises. © 2011 IEEE.

Author supplied keywords

Cite

CITATION STYLE

APA

Sengupta, A., Mazumdar, C., & Bagchi, A. (2011). A methodology for conversion of enterprise-level information security policies to implementation-level policies/rule. In Proceedings - 2nd International Conference on Emerging Applications of Information Technology, EAIT 2011 (pp. 280–283). https://doi.org/10.1109/EAIT.2011.87

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free