Integrating Advanced Security Certification and Policy Management

Cited by: 1
Authors
Bezzi, Michele [2 ]
Damiani, Ernesto [3 ]
Paraboschi, Stefano [1 ]
Plate, Henrik [2 ]
Affiliations
[1] Univ Bergamo, Via Marconi 5, I-24044 Dalmine, Italy
[2] SAP Global Res & Business Incubat, F-06250 Mougins, France
[3] Univ Milan, I-26013 Crema, Italy
Source
CYBER SECURITY AND PRIVACY | 2013 / Vol. 182
Keywords
Service assurance; Security certification; Security policy management;
DOI
10.1007/978-3-642-41205-9_5
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
Recent models of software provisioning based on cloud architectures co-exist and interact with in-premises large and heterogeneous software ecosystems. In this increasingly complex landscape, organizations and users are striving to deal with assurance in all phases of the software life cycle: acquisition, installation, use and maintenance. In this paper, we start by describing the notion of machine-readable security certificates, and discuss how they can be used for assurance-based software selection. Then, we introduce some models and tools for administrators for the automatic management of security policies, which include policy conflict detection. Finally, we discuss how these two approaches can be integrated for supporting organizations to (semi-)automatically address the security requirements throughout the entire software life cycle.
Pages: 55 - 66
Number of pages: 12
Related papers
50 in total
  • [1] Integrating Information Security Policy Management with Corporate Risk Management for Strategic Alignment
    Corpuz, Maria Soto
    Barnes, Paul
    WMSCI 2010: 14TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL III, 2010, : 337 - 342
  • [2] Advanced security management
    Fung, Carol
    Francois, Jerome
    Cordeiro, Weverton
    Zhani, Mohamed Faten
    INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, 2019, 29 (03)
  • [3] AUDIT AND INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION
    Drastich, Martin
    SBORNIK Z MEZINARODNI VEDECKE KONFERENCE ZNALOSTI PRO TRZNI PRAXI 2012: VYZNAM ZNALOSTI V AKTUALNI FAZI EKONOMICKEHO CYKLU, 2012, : 49 - 52
  • [4] The Policy Machine for security policy management
    Hu, VC
    Frincke, DA
    Ferraiolo, DF
    COMPUTATIONAL SCIENCE -- ICCS 2001, PROCEEDINGS PT 2, 2001, 2074 : 494 - 503
  • [5] Paper: a study on the certification of the information security management systems
    Fung, ARW
    Farn, KJ
    Lin, AC
    COMPUTER STANDARDS & INTERFACES, 2003, 25 (05) : 447 - 461
  • [6] Security and management policy specification
    Sloman, M
    Lupu, E
    IEEE NETWORK, 2002, 16 (02): : 10 - 19
  • [7] Integrating Information Security into Quality Management Systems
    Stoll, Margareth
    TECHNOLOGICAL DEVELOPMENTS IN NETWORKING, EDUCATION AND AUTOMATION, 2010, : 455 - 460
  • [8] Security Engine Management of Router based on Security Policy
    Jo, Su Hyung
    Kim, Ki Young
    Lee, Sang Ho
    PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, VOL 10, 2005, 10 : 116 - 119
  • [9] Integrating Security Risk Management into Business Process Management for the Cloud
    Goettelmann, Elio
    Mayer, Nicolas
    Godart, Claude
    2014 IEEE 16TH CONFERENCE ON BUSINESS INFORMATICS (CBI), VOL 1, 2014, : 86 - 93
  • [10] Advanced Security Policy Implementation for Information Systems
    Yusufovna, Sattarova Feruza
    INTERNATIONAL SYMPOSIUM ON UBIQUITOUS MULTIMEDIA COMPUTING, PROCEEDINGS, 2008, : 244 - 247