Abstract
The paper discusses the assignment of security clearances to employees in a security conscious organization. New approaches are suggested for solving two major problems. First, full implementation of the ‘need-to-know’ principle is provided by the introduction of Data Access Statements (DAS) as part of employee’s job description. Second, for the problem of setting up border points between different security clearances, the paper introduces a fuzzy set model. This model helps to solve this problem, effectively connecting it with the cost of security. Finally, a method is presented for calculating security values of objects security clearances for employees when the information objects are connected to each other in a network structure.
Chapter PDF
Similar content being viewed by others
Key words
References
Amoroso, E., (1994), Fundamentals of Computer Security Technology, Prentice Hall, USA.
Frank, L., (1992), EDP-Security, Elsevier Science Publishers, The Netherlands.
Pfleeger, C, (1997), Security in Computing, Prentice Hall, USA.
Portougal, V., Janczewski, L., (1998), Industrial Information-weight Security Models, Information Management & Computer Security, Vol. 6. No 5, Great Britain.
Portougal, V. & Janczewski, L., (2000), “Need-to-know” principle and fuzzy security clearances modeling, Information Management & Computer Security, Vol. 8. No 5, Great Britain
Schuler R. et all, (1992), Human Resource Management in Australia, Harper Educational, Australia.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Janczewski, L.J., Portougal, V. (2005). Assignment of Security Clearances in an Organization. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds) Security and Privacy in the Age of Ubiquitous Computing. SEC 2005. IFIP Advances in Information and Communication Technology, vol 181. Springer, Boston, MA. https://doi.org/10.1007/0-387-25660-1_4
Download citation
DOI: https://doi.org/10.1007/0-387-25660-1_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-25658-0
Online ISBN: 978-0-387-25660-3
eBook Packages: Computer ScienceComputer Science (R0)