Business Governance based Policy Regulation for Security Incident Response

Christophe Feltus, Djamel Khadraoui, Benoît De Remont, André Rifaut

Research output: Contribution in Book/Catalog/Report/Conference proceeding › Conference contribution

Abstract

This paper describes the architecture of a policy regulation system, and some of its related concepts, for the application domain of computer network security. The architecture is based on a methodology that identifies the main phases of the reactions needed to recover from a failure or an attack on a network. Policy management has already been widely discussed in the scientific literature: a large body of work focuses on how to develop a policy framework that takes into account the business goals, the organisational structure, the operational rules and the links between low-level and high-level policy [13]. Nevertheless, policy regulation remains an area where less work has been done, especially policy regulation according to business requirements. This paper aims to propose a framework for policy regulation that integrates the business layer during the regulation phase.

Original language: English
Title of host publication: Proceedings of CRiSIS'2007 : International Conference on Risks and Security of Internet and Systems, colocated with IEEE GIIS, Marrakech, Morocco.
Publication status: Published - 2007

Keywords

  • Policy
  • Architecture
  • Regulation
  • Computer network security
  • Reaction
