Holistic security management framework applied in electronic commerce

Cited by: 17
Authors
Zuccato, Albin [1]
Affiliation
[1] Karlstad Univ, S-65188 Karlstad, Sweden
Keywords
holistic security management; security management process; security engineering; security requirements; electronic commerce security
DOI
10.1016/j.cose.2006.11.003
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
With the advance of electronic commerce more and more companies have become dependent on their information systems for their daily business operations. This dependency requires the security of these systems to be managed. This paper presents a holistic security management framework that should allow for easy and affordable security management. This process framework is described by hierarchically organized processes which allow for a business, technology and social driven security management. It presents the activities involved in the five core and two support processes which are conducted iteratively. To support this framework three cases of successful applications and an informal evaluation against SSE-CMM are presented. (C) 2006 Elsevier Ltd. All rights reserved.
Pages: 256-265
Number of pages: 10