Date: 17 Jun 2005

A framework for the management of information security


Abstract

Information security depends heavily on access control models and cryptographic techniques. Both are well-established areas of research and practice for enforcing technical information security policies, but neither can, on its own, support the development of comprehensive information security within an organization. There is therefore a need to study the higher-level issues and to establish organizational models for specifying security enforcement mechanisms and coordinating policies. This paper proposes a model for dealing with high-level information security policies. Its core is a continuous refinement of information security requirements, aimed at formally deriving technical security policies from high-level security objectives. This refinement is carried out by information security harmonization functions. The contribution of this paper is the specification of a notation for expressing information security requirements and of a mechanism for formulating harmonization functions.