Toward comprehensive security policy governance in collaborative enterprise

Abstract

The lack of trust among software services spanning multiple organisations and the rather poor adaptability level of the current security policies are often seen as braking forces to collaborative-enterprise development. Removing this impediment involves re-thinking the security policy according to "due usage" requirements and setting security enforcement and regulations according to both the due usage and the runtime environment. This paper analyzes the nature of secured assets exchange management in collaborative enterprise, describing the assets sharing patterns and, accordingly, 'sub-context' partition method. Resource protection can be done by applying a 'collaborative usage control policy model' on each 'sub-context' to manage "due usage" control during service/information aggregation. In this way, a compendious but comprehensive security governance for collaborative enterprise is achieved. © 2012 IFIP International Federation for Information Processing.