Enterprise Information System Security: A Life-Cycle Approach
نویسندگان
چکیده
There has been an unprecedented thrust in employing Computers and Communication technologies in all walks of life. The systems enabled by Information Technology are becoming more and more complex resulting in various threats and vulnerabilities. The security properties, like confidentiality, integrity, and availability, are becoming more and more difficult to protect. In this chapter, a life-cycle approach to achieve and maintain security of enterprises has been proposed. First, enterprise information systems are looked at in detail. Then, the need for enterprise information system security and problems associated with security implementation are discussed. The authors consider enterprise information system security as a management issue and detail the information security parameters. Finally, the proposed security engineering life-cycle is described in detail, which includes, Security Requirement Analysis, Security Policy Formulation, Security Infrastructure Advisory Generation, Security Testing and Validation, and Review and Monitoring phases.
منابع مشابه
Security Management Life Cycle (SMLC): A Comparative Study
We introduce an integrated conceptualization of enterprise information technology security management in the form of a life cycle that accounts for the people, processes, infrastructure, and applications within an enterprise. Our life cycle view provides a lens through which one can view the security management activities at the strategic, tactical, and operational levels with regard to their s...
متن کاملBotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...
متن کاملManaging the Information System Life Cycle in Construction and Manufacturing
In this paper we present the information life cycle and analyze the importance of managing the corporate application portfolio across this life cycle. The approach presented here corresponds not just to the extension of the traditional information system development life cycle. This approach is based in the generic life cycle. In this paper it is proposed a model of an information system life c...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملEnterprise modelling and Ontology
Generally speaking, Enterprise model is used during the system engineering life cycle by other stakeholders rather than those who developed it. They do not necessarily know the context in which the model was built and quite often are not familiar with the language used for the modelling. This situation makes that the model loses its semantic during its exploitation and creates ambiguities and d...
متن کامل