Abstract
This paper presents an ongoing research project that is a sequel to earlier work on the development of an Enterprise Information Security Management (EISM) Tool Suite covering stages of the Security Engineering Life Cycle such as Requirement and Risk Analysis, Policy Development, Infrastructure Advisory Generation, and Testing. The present project attempts to develop a set of web-based information security management services using web-service technologies. The study also aims at developing a unified formal model of Enterprise Information System Security and suitable metrics for its measurement.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sengupta, A. et al. (2005). A Web-Enabled Enterprise Security Management Framework Based on a Unified Model of Enterprise Information System Security. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2005. Lecture Notes in Computer Science, vol 3803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593980_26
DOI: https://doi.org/10.1007/11593980_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30706-8
Online ISBN: 978-3-540-32422-5
eBook Packages: Computer Science (R0)