Abstract
As we move towards a knowledge economy, managing corporate data effectively and safely is the key to an organisation’s survival and success. Corporate employees use technologies such as computers and mobile and portable devices to access the information. Safeguarding corporate information that flows over unprotected land lines and airwaves is critically important. Adversaries attack information systems, and their tools and techniques are numerous and widely available. Analysis of various security incidents has shown that corporate attempts to achieve and maintain “absolute” security are not always effective and are usually far too expensive. To provide adequate protection for the modern enterprise, security architectures need to be built. These include security mechanisms, tools and policies that provide an acceptable level of protection for the enterprise. This paper presents work in progress on developing an enterprise information security data model. The proposed prototype aims to give security specialists more effective ways of managing the existing security architectures implemented by the enterprise.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35691-4_52
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Belsis, M.A., Smalov, L. (2003). Building an Enterprise it Security Management System. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds) Security and Privacy in the Age of Uncertainty. SEC 2003. IFIP — The International Federation for Information Processing, vol 122. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35691-4_16
DOI: https://doi.org/10.1007/978-0-387-35691-4_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6489-5
Online ISBN: 978-0-387-35691-4
eBook Packages: Springer Book Archive