Security policies in organisations typically take the form of obligations for the employees. However, it is often unclear what the purpose of such obligations is, and how these can be integrated in the operational processes of the organisation. This can result in policies that may be either too strong or too weak, leading to unnecessary productivity loss, or the possibility of becoming victim to attacks that exploit the weaknesses, respectively. In this paper, we propose a framework in which the security obligations of employees are linked directly to prohibitions that prevent external agents (attackers) from reaching their goals. We use graph-based and logicbased approaches to formalise and reason about such policies, and show how the fram...
It is widely agreed that a large amount of information systems (IS) security incidents occur in the ...
International audienceThis paper presents an approach allowing for a given security and utility requ...
Abstract—Insider threats are a major threat to many or-ganisations. Even worse, insider attacks are ...
Security policies in organisations typically take the form of obligations for the employees. However...
Security policies in organisations typically take the form of obligations for the employees. However...
Abstract With the ubiquitous deployment of large scale networks, more and more complex human interac...
International audienceObligations are an essential element of security policies since they enable th...
This paper analyses the problem of specifying a security policy for organizations. First, various is...
Existing security-policy specification languages allow users to specify obligations, but open challe...
Security policy-makers (influencers) in an organization set security policies that embody intended b...
Recently, there has been an increase of reported security threats hitting organizations. Some of the...
In this paper we show that the logical framework proposed by Becker et al. to reason about security ...
Abstract. There exist many approaches to specify and to define secu-rity policies. We present here a...
Most organizations use several security policies to con-trol different systems and data, comprising ...
This thesis explores defining security policies in a decentralized setting and dynamic methods of en...
It is widely agreed that a large amount of information systems (IS) security incidents occur in the ...
International audienceThis paper presents an approach allowing for a given security and utility requ...
Abstract—Insider threats are a major threat to many or-ganisations. Even worse, insider attacks are ...
Security policies in organisations typically take the form of obligations for the employees. However...
Security policies in organisations typically take the form of obligations for the employees. However...
Abstract With the ubiquitous deployment of large scale networks, more and more complex human interac...
International audienceObligations are an essential element of security policies since they enable th...
This paper analyses the problem of specifying a security policy for organizations. First, various is...
Existing security-policy specification languages allow users to specify obligations, but open challe...
Security policy-makers (influencers) in an organization set security policies that embody intended b...
Recently, there has been an increase of reported security threats hitting organizations. Some of the...
In this paper we show that the logical framework proposed by Becker et al. to reason about security ...
Abstract. There exist many approaches to specify and to define secu-rity policies. We present here a...
Most organizations use several security policies to con-trol different systems and data, comprising ...
This thesis explores defining security policies in a decentralized setting and dynamic methods of en...
It is widely agreed that a large amount of information systems (IS) security incidents occur in the ...
International audienceThis paper presents an approach allowing for a given security and utility requ...
Abstract—Insider threats are a major threat to many or-ganisations. Even worse, insider attacks are ...