Chapter VII Security Management for an E-Enterprise

Presentation Transcript


  1. Chapter VII Security Management for an E-Enterprise - Ramyah Rammohan

  2. Introduction • What is EI? Integration of people, organization, and technology. • Objective: emphasize the need for security management and for integrating security across the enterprise. • Integration problem: diverse security mechanisms.

  3. Background • Security domains help partition the enterprise network into logical entities. • Trust levels allow evaluation of the security needs of each domain. • Tiered networks provide a model for physically partitioning the enterprise network according to the enterprise security policy.

  4. Outline of Security Management • Security metrics • E-enterprise security management • E-enterprise security profile (ESP) • FU security capabilities (FUSC)

  5. Security Domains, E-Enterprise Security Profile • Auditing: the security of information systems requires the ability to trace all actions on sensitive objects back to the subjects originating those actions; application dependent. • Authentication: “authentication is the binding of an identity to a subject” (Bishop, 2002, p. 309); SSO (single sign-on). • Access control: protection against unauthorized access to or modification of information.

  6. Contd. • Cryptography: cryptographic mechanisms not only restrict unauthorized subjects' access to sensitive information but also support data integrity. • System protection: mechanisms used to protect the integrity of the system and its data. • Intrusion detection: detecting events that represent attempts to breach security. • Perimeter protection: preventing unauthorized information exchange at boundaries.

  7. Definitions • Definition 1: The e-enterprise security profile is a matrix, ESP, consisting of n + 1 rows and m columns, where n = total number of FUs requiring integration and m = total number of security domains. The (n + 1)th row depicts the security requirements for additional centralized control, if required to provide centralized security mechanisms such as single sign-on. • Definition 2: The FU security capabilities is a matrix, FUSC, consisting of n rows and m columns, where n and m are as given in Definition 1.

  8. ESP and FUSC Matrices • ESP matrix (figure) • FUSC matrix (figure) Reference: Enterprise Information System Assurance and Security: Managerial and Technical Issues, Merrill Warkentin and Rayford Vaughn
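The two definitions on slide 7 are easiest to see as code. The block below is an added illustration, not code from the chapter or the slides: it builds an ESP with n + 1 rows and an FUSC with n rows over the m = 7 security domains from slides 5 and 6, then compares them cell by cell. The three FU names, the 0/1/2 requirement and capability levels, the domain column order, and the rule that an FU's capability must be at least the profile's required level are all constructed assumptions; the slides define the matrices but not how they are compared.

```python
"""ESP (n + 1 x m) and FUSC (n x m) matrices with a gap check between them.

Added example, not from the cited chapter. FU names, the 0/1/2 level scale,
the column order and the "capability >= requirement" rule are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The m = 7 security domains from slides 5 and 6 (column order is assumed).
DOMAINS: Tuple[str, ...] = (
    "auditing", "authentication", "access_control", "cryptography",
    "system_protection", "intrusion_detection", "perimeter_protection",
)

# Cell values: 0 = not required / not provided, 1 = basic, 2 = strong.
Row = Dict[str, int]


def make_row(**levels: int) -> Row:
    """Build one row over all m domains; domains not listed get 0."""
    unknown = set(levels) - set(DOMAINS)
    if unknown:
        raise ValueError(f"unknown security domain(s): {sorted(unknown)}")
    return {d: levels.get(d, 0) for d in DOMAINS}


@dataclass
class ESP:
    """Security profile: one requirements row per FU plus the (n + 1)th row
    holding requirements for centralized control (Definition 1)."""
    fu_rows: Dict[str, Row]
    central: Row

    def matrix(self) -> List[List[int]]:
        """(n + 1) x m integer matrix; the centralized row comes last."""
        rows = [[r[d] for d in DOMAINS] for r in self.fu_rows.values()]
        rows.append([self.central[d] for d in DOMAINS])
        return rows


@dataclass
class FUSC:
    """FU security capabilities: n rows by m columns (Definition 2)."""
    fu_rows: Dict[str, Row]

    def matrix(self) -> List[List[int]]:
        """n x m integer matrix in the same FU and domain order as the ESP."""
        return [[r[d] for d in DOMAINS] for r in self.fu_rows.values()]


def gap_analysis(esp: ESP, fusc: FUSC) -> List[Tuple[str, str, int, int]]:
    """Cells where an FU provides less than the profile requires.

    Returns (fu, domain, required, provided) in FU then domain order.
    The comparison rule itself is an assumption added for this example.
    """
    if set(esp.fu_rows) != set(fusc.fu_rows):
        raise ValueError("ESP and FUSC must cover the same n FUs")
    gaps = []
    for fu, required in esp.fu_rows.items():
        provided = fusc.fu_rows[fu]
        for d in DOMAINS:
            if provided[d] < required[d]:
                gaps.append((fu, d, required[d], provided[d]))
    return gaps


def centralized_needs(esp: ESP) -> List[str]:
    """Domains whose (n + 1)th-row entry is non-zero, i.e. where the profile
    calls for a centralized mechanism such as single sign-on."""
    return [d for d in DOMAINS if esp.central[d] > 0]


def build_example() -> Tuple[ESP, FUSC]:
    """Constructed sample with n = 3 FUs; names and levels are invented."""
    esp = ESP(
        fu_rows={
            "order_entry": make_row(auditing=2, authentication=2, access_control=2, cryptography=1),
            "billing": make_row(auditing=2, authentication=2, access_control=2,
                                cryptography=2, system_protection=1),
            "warehouse": make_row(auditing=1, authentication=1, access_control=1),
        },
        # Centralized row: enterprise-wide SSO, intrusion detection and perimeter controls.
        central=make_row(authentication=2, intrusion_detection=1, perimeter_protection=2),
    )
    fusc = FUSC(fu_rows={
        "order_entry": make_row(auditing=2, authentication=1, access_control=2, cryptography=1),
        "billing": make_row(auditing=2, authentication=2, access_control=2,
                            cryptography=1, system_protection=1),
        "warehouse": make_row(auditing=1, authentication=1, access_control=1),
    })
    return esp, fusc


if __name__ == "__main__":
    esp, fusc = build_example()
    print(f"ESP is {len(esp.matrix())} x {len(DOMAINS)}; FUSC is {len(fusc.matrix())} x {len(DOMAINS)}")
    for fu, domain, req, prov in gap_analysis(esp, fusc):
        print(f"gap: {fu} / {domain}: requires {req}, provides {prov}")
    print("centralized mechanisms needed for:", ", ".join(centralized_needs(esp)))
```

In the constructed sample the order-entry FU authenticates more weakly than its profile row demands and the billing FU lacks the required cryptographic strength, so those two cells come out as gaps, while the non-zero centralized row flags authentication, intrusion detection and perimeter protection as domains the enterprise must cover with a shared mechanism rather than per FU.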

  9. Security Metrics • Survivability is defined as “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents” (Ellison et al., 1997, p. 2). • Privacy quantifies the extent of privacy support provided by the e-enterprise. • Confidentiality quantifies the degree to which the information or resources of the e-enterprise are concealed. • Integrity quantifies the trustworthiness and correctness of enterprise data or resources.

  10. Contd. • Availability is “the alternation between proper and improper service, and is often expressed as the fraction of time that a system can be used for its intended purpose during a specified period of time” (Nicol, Sanders, & Trivedi, 2004, p. 49). • Accountability signifies the extent to which activities in the e-enterprise are traceable to their sources. • Reliability is the probability that the e-enterprise performs the specified operations, as per its security policy, throughout a specified period of time. • Non-repudiation quantifies the extent to which the enterprise can accurately associate data with its source.

  11. Security Management

  12. Conclusion and Future Work • A security management framework for enterprise integration. • This objective is achieved by categorizing security requirements through security domains and applying security management techniques based on security metrics. • The risk posture is defined in terms of the threats (intrusion, insider attack, etc.) and undesirable consequences (loss of confidential information, etc.) that concern the enterprise (I3P, 2003). • Enterprise managers have limited enterprise resources for providing the required security solutions. • In the future, the plan is to conduct experiments to verify the efficacy of the proposed approach.

  13. References • Warkentin, M., & Vaughn, R. (Eds.). Enterprise Information System Assurance and Security: Managerial and Technical Issues. • http://www.wikipedia.org/

  14. Questions - Thank you