Qualitative security policy design methods suffer from over-reliance on expertise. This paper presents an access control method based on risk analysis and feedback control in a closed-loop design method. In this method, the business process turnover time is used as the security risk measurement basis, with the risk as security state variables in information systems. The relationship between the risk and the business process elements is used as the feedback control of the access control policy. This feedback control model analyzes the access control policies for a single business process independent of expertise. The system security state variables can be driven into the desired range depending on the model, and at the same time, the...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
Access control is the process of mediating every request to data and services maintained by a system...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do no...
In order to protect resources from unauthorized access and data leakage in companies, security exper...
resources must undergo a formal assessment process to properly identify risks and determine appropri...
Abstract — With the growth of Enterprises and organizations, the paper-based systems are replaced wi...
The identification of the major information technology (IT) access control policies is required to d...
Considering the existing situation and indicators pointing to the problems or the inadequacy of some...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Controls The main purpose of the Information Security Analyst is to control the exposure to informat...
We describe a framework for risk assessment specifically within the context of risk-based access con...
Summary The security of access and information flow carries with it the risk that resources will be ...