Implementing Security Policy in a Large Defense Procurement
نویسندگان
چکیده
At the 1993 ACSAC conference a previous paper was presented describing the security policy developed for a large, integrated defence procurement, the United Kingdom Royal Air Force Logistics Information Technology System (LITS). The current paper describes some of the practical difficulties encountered in implementing that security policy during subsequent stages of the LITS system development. Issues discussed include the difficulties of “future proofing” a security infrastructure in the real world where user security requirements can and do change in ways that were not anticipated, the tension between security policy requirements and cost effective security solutions, and the conflict between labelling data and the use of untrusted applications.
منابع مشابه
Innovation on Demand: Can Public Procurement Drive Market Success of Innovations
Public procurement has been at the centre of recent discussions on innovation policy on both European and national levels (e.g., Aho-Report, Barcelona Strategy). It has a large potential to stimulate innovation since it accounts for 16% of combined EU-15 GDP. We embed public procurement for innovation into the broader framework of public policies to stimulate innovation: regulations, R&D subsid...
متن کاملCritical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
متن کاملAdvanced Metering Infrastructure Security Considerations
The purpose of this report is to provide utilities implementing Advanced Metering Infrastructure (AMI) with the knowledge necessary to secure that implementation appropriately. We intend that utilities use this report to guide their planning, procurement, roll-out, and assessment of the security of Advanced Metering Infrastructure. This report discusses threats to the AMI, the likely sources of...
متن کاملState-Based Security Policy Enforcement in Component-Based E-Commerce Applications
Software component technology supports the cost-effective development of e-commerce applications but also introduces special security problems. In particular, a malicious component is a threat to any application incorporating it. Therefore wrappers are of interest which control the behavior of components at run-time and enforce the application’s security policies. The wrapper of a component mon...
متن کاملTechnology push - over : defense downturns and civilian technology policy
Since the 1960s civilian technology demonstration programs in the US Departments of Transportation and Commerce have manifested a pattern in their initiation, content, and outcomes. Programs are episodic, with long periods of relative inactivity occasionally interrupted by brief periods of budgetary largesse. Program content often emphasizes information and automation technologies and system in...
متن کامل