VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security
Author
Abstract
The security perimeter, which once was simply defined as the fence around the premises of an organisation, is becoming increasingly flexible and adaptable to the environment and the circumstances. We call this process re-perimeterisation (ReP). The effects of ReP are felt in the digital domain (where data moves from organisation to organisation through networks), the social domain (where one individual may play a variety of roles in cooperating organisations) and the physical domain (where appliances such as mobile phones and laptops move around). ReP brings about new security risks because of the difficulty of keeping the domains aligned. For example, stealing a laptop (social domain) with a motion sensor triggers an alarm (physical domain), which then selects a security policy that blocks access to all sensitive data (digital domain). By making the security perimeter explicit in business processes, security policies and security mechanisms, we intend to foster alignment of the three domains. This would then mitigate the risks of ReP.
Similar resources
Modelling E-Business Security Using Business Processes
Organisations (enterprises, businesses, government institutions, etc.) have changed their way of doing business from a traditional approach to embrace e-business processes. This change makes the perimeter security approach inappropriate for such organisations. The well-known and widely used security mechanisms, including cryptography-based tools and techniques, cannot provide a sufficient level...
Full text
De-perimeterisation as a cycle: tearing down and rebuilding security perimeters
If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this appro...
Full text
E-business Information Systems Security Design Paradigm and Model
This thesis is concerned with a new approach to Information Systems Security management for an e-business organisation. One of the characteristics of a modern organisation (and especially of an e-business organisation) is the distribution of organisational resources and assets. Management of resources is also distributed between various hierarchical functions. With the move to an e-business mode...
Full text
A combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
Full text
Investigating the Physical Security Dimensions Affecting Volleyball Stadiums Security
The present study aimed at investigating the physical security dimensions affecting the security of volleyball stadiums in Iran. The study employed a descriptive-exploratory research method conducted on 115 managers and officials in volleyball stadiums, presidents and experts of Provincial Volleyball Boards as well as experts in the field of sports facilities and events as wel...
Full text