{"title":"流程模型设计和工具支持使用安全模式进行信息资产访问控制","authors":"Mathaya Ratchakom, N. Prompoon","doi":"10.1109/JCSSE.2011.5930139","DOIUrl":null,"url":null,"abstract":"Information assets such as customer information, business transaction, and contract transaction data are important for the organization as these assets affect business value and operation. Therefore, to manage information assets, the organization needs to establish the security system, one of the non-functional requirements, to control the resource accessibility. The security patterns provide practices for formal security process establishment which could be applied to assets access control. However, the security patterns explanations are specific but an applying has to define process operation in details. This research proposes a design of process model for Information Assets Access Control (IAAC) using security patterns. In addition, the proposed process model also uses ISO/IEC 27001:2005 and ISO/IEC 27002:2005 as a fundamental framework. The supporting templates are also designed to support the proposed process model.","PeriodicalId":287775,"journal":{"name":"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A process model design and tool support for information assets access control using security patterns\",\"authors\":\"Mathaya Ratchakom, N. Prompoon\",\"doi\":\"10.1109/JCSSE.2011.5930139\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information assets such as customer information, business transaction, and contract transaction data are important for the organization as these assets affect business value and operation. Therefore, to manage information assets, the organization needs to establish the security system, one of the non-functional requirements, to control the resource accessibility. The security patterns provide practices for formal security process establishment which could be applied to assets access control. However, the security patterns explanations are specific but an applying has to define process operation in details. This research proposes a design of process model for Information Assets Access Control (IAAC) using security patterns. In addition, the proposed process model also uses ISO/IEC 27001:2005 and ISO/IEC 27002:2005 as a fundamental framework. The supporting templates are also designed to support the proposed process model.\",\"PeriodicalId\":287775,\"journal\":{\"name\":\"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/JCSSE.2011.5930139\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JCSSE.2011.5930139","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A process model design and tool support for information assets access control using security patterns
Information assets such as customer information, business transaction, and contract transaction data are important for the organization as these assets affect business value and operation. Therefore, to manage information assets, the organization needs to establish the security system, one of the non-functional requirements, to control the resource accessibility. The security patterns provide practices for formal security process establishment which could be applied to assets access control. However, the security patterns explanations are specific but an applying has to define process operation in details. This research proposes a design of process model for Information Assets Access Control (IAAC) using security patterns. In addition, the proposed process model also uses ISO/IEC 27001:2005 and ISO/IEC 27002:2005 as a fundamental framework. The supporting templates are also designed to support the proposed process model.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
