Business Governance based Policy Regulation for Security Incident Response

Christophe Feltus, Djamel Khadraoui, Benoît De Remont, André Rifaut

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférenceArticle dans les actes d'une conférence/un colloque

87 Téléchargements (Pure)

Résumé

This paper describes the architecture of a policy regulation system and some of its related concepts dedicated to the application domain of computer network security context. The actual architecture is based on a methodology identifying the main phases addressing the needed reactions that could be realized in order to get out of a failure or an attack situation of a network. Policy management domain has already been largely discussed in the scientific literature. In fact, large panoply of works focusing on how to develop a policy framework taking into account the business goals, the organisational structure, the operational rules and the links between low-level policy and high-level one [13]. Nevertheless, it is notable that policy regulation remains an area where less work has been done, more specially the policy regulation according to business requirements. This paper aims to propose a framework for policy regulation that integrates the business layer during the regulation phase.
langue originaleAnglais
titreProceedings of CRiSIS'2007 : International Conference on Risks and Security of Internet and Systems, colocated with IEEE GIIS, Marrakech, Morocco.
Etat de la publicationPublié - 2007

Empreinte digitale

Examiner les sujets de recherche de « Business Governance based Policy Regulation for Security Incident Response ». Ensemble, ils forment une empreinte digitale unique.

Contient cette citation