Enterprise Level Security – Basic Security Model
Maintaining, updating, and modifying such a system based on changing enterprise needs and advancing technology is even more challenging. Decisions and informal rules that were made and enacted in the initial build are often lost, forgotten, or ignored when changes are needed. When the original syste...
Main Authors: | Kevin E. Foltz, William R. Simpson |
---|---|
Format: | Article |
Language: | English |
Published: | International Institute of Informatics and Cybernetics, 2016-02-01 |
Series: | Journal of Systemics, Cybernetics and Informatics |
Subjects: | Enterprise; Security Concepts; IT Security Integrity; Security Tenets; Security Requirements |
Online Access: | http://www.iiisci.org/Journal/CV$/sci/pdfs/ZA188FH16.pdf |
_version_ | 1818560293735759872 |
---|---|
author | Kevin E. Foltz William R. Simpson |
collection | DOAJ |
description | Maintaining, updating, and modifying such a system based on changing enterprise needs and advancing technology is even more challenging. Decisions and informal rules that were made and enacted in the initial build are often lost, forgotten, or ignored when changes are needed. When the original system designers have moved on, the system is entrusted to an administrator who understands how the system works but not why it was designed to work that way. Without this higher-level understanding, the secure system devolves into a collection of loosely integrated partial solutions with security vulnerabilities at the seams and edges. This work presents a method of documenting the design logic of a secure enterprise information system, from basic principles to implementable requirements. Important design decisions are captured, along with the logic supporting them. Before changes to the system are made, an assessment is made against the core design decisions to ensure the original security goals are maintained. This provides clarity to the system owner and administrators to help guide future changes, and it provides a way to convey security goals to product vendors in a structured and logical way, which can help to reduce the back-and-forth arguing over whether a product meets security requirements. The Enterprise Level Security (ELS) architecture is used as an example of the application of this method to a real-world security system |
first_indexed | 2024-12-14T00:36:38Z |
format | Article |
id | doaj.art-e7478fb2fe7d44dca66fa1ac7f4ff51c |
institution | Directory Open Access Journal |
issn | 1690-4524 |
language | English |
last_indexed | 2024-12-14T00:36:38Z |
publishDate | 2016-02-01 |
publisher | International Institute of Informatics and Cybernetics |
record_format | Article |
series | Journal of Systemics, Cybernetics and Informatics |
title | Enterprise Level Security – Basic Security Model |
topic | Enterprise Security Concepts IT Security Integrity Security Tenets Security Requirements |
url | http://www.iiisci.org/Journal/CV$/sci/pdfs/ZA188FH16.pdf |