Résumé
This paper describes the architecture of a policy regulation system and some of its related concepts dedicated to the application domain of computer network security context. The actual architecture is based on a methodology identifying the main phases addressing the needed reactions that could be realized in order to get out of a failure or an attack situation of a network.
Policy management domain has already been largely discussed in the scientific literature. In fact, large panoply of works focusing on how to develop a policy framework taking into account the business goals, the organisational structure, the operational rules and the links between low-level policy and high-level one [13]. Nevertheless, it is notable that policy regulation remains an area where less work has been done, more specially the policy regulation according to business requirements.
This paper aims to propose a framework for policy regulation that integrates the business layer during the regulation phase.
langue originale | Anglais |
---|---|
titre | Proceedings of CRiSIS'2007 : International Conference on Risks and Security of Internet and Systems, colocated with IEEE GIIS, Marrakech, Morocco. |
Etat de la publication | Publié - 2007 |