Towards a Model to Support the Reconciliation of Security Actions across Enterprises

@article{Nurse2012TowardsAM,
  title={Towards a Model to Support the Reconciliation of Security Actions across Enterprises},
  author={Jason R. C. Nurse and Jane Sinclair},
  journal={2012 Workshop on Socio-Technical Aspects in Security and Trust},
  year={2012},
  pages={11-18}
}
As an increasing number of businesses look towards collaborations to gain a strategic advantage in the marketplace, the importance of systems to support these collaborative activities significantly increases. Within this area, arguably one of the most important issues is supporting interaction security. This is both at the initial, higher level of humans from businesses agreeing on joint security needs and the lower level of security technologies (communication protocols, VPNs, and so on). As…
Taxonomies for software security
TLDR
This thesis explores the mechanisms of concurrent interaction between concurrent processes and tries to bring some order to synchronization by studying attack patterns, not only at code level, but also from the perspective of abstract programming concepts.
Identifying risk profiles and mitigating actions for business communication services
TLDR
A model that identifies risk context and automatically selects appropriate actions to address threats with mitigating actions that do not unduly disrupt business, yet protect vulnerable assets is proposed.

References

An Evaluation of BOF4WSS and the Security Negotiations Model and Tool used to Support it
TLDR
This paper aims to advance proposals for cross-enterprise security negotiations by presenting and discussing a key stage of their evaluation, which uses interviews with industry-based security professionals from the field to gather critical, objective feedback on the use and suitability of the proposals in fulfilling their aims.
A Thorough Evaluation of the Compatibility of an E-Business Security Negotiations Support Tool
TLDR
This paper aims to advance the research of a proposed support tool by engaging in a very detailed evaluation of its compatibility with existing security needs determination methods (commonly, risk management and assessment techniques).
Information Security in the Extended Enterprise: A Research Agenda
TLDR
A basic research framework is derived based on related research, an observation of the interdependencies of firms and a series of cases from different industry sectors, and which factors and incentives might be catalysts for the adoption of such a framework by a single firm, business network, or even public welfare.
BOF4WSS: A Business-Oriented Framework for Enhancing Web Services Security for e-Business
  • Jason R. C. Nurse
  • Computer Science, Business
    2009 Fourth International Conference on Internet and Web Applications and Services
  • 2009
TLDR
This research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises.
Security Decision-Making among Interdependent Organizations
TLDR
A model for security decision-making in such settings, using a variation of linear influence networks, is developed and applied to investigate three examples: web site security with shared passwords, customer education against phishing and identity theft, and anti-spam email filters.
A Framework for Web Services Security Policy Negotiation
TLDR
A framework for a web services security policy negotiation system that web services consumers and providers can use to negotiate a customised security contract is introduced, by incorporating human intuitiveness supported by an intelligent negotiation support system.
Methods and limitations of security policy reconciliation
  • P. McDaniel, A. Prakash
  • Political Science, Computer Science
    Proceedings 2002 IEEE Symposium on Security and Privacy
  • 2002
TLDR
The limits and methods of reconciliation in a general-purpose policy model are considered, an algorithm for efficient two-policy reconciliation is identified, and it is shown that, in the worst-case, reconciliation of three or more policies is intractable.
Security and Privacy in Collaborative Distributed Systems
  • S. Yau
  • Computer Science
    COMPSAC
  • 2005
TLDR
This panel will address various challenging issues of security and privacy in developing collaborative distributed systems and discuss recent advances as well as future trends in dealing with them.
Methods and limitations of security policy reconciliation
TLDR
The limits and methods of reconciliation in a general-purpose policy model are considered, an algorithm for efficient two-policy reconciliation is identified, and it is shown that, in the worst-case, reconciliation of three or more policies is intractable.
Security investment games of interdependent organizations
TLDR
A model is developed for security decision-making in interdependent organizations described by a linear influence network, in which there are ways of improving the matrix such that two organizations decrease their investments while all others maintain the same level of investment.