Chapter VII Security Management for an E-Enterprise - Ramyah Rammohan
Chapter VII: Security Management for an E-Enterprise
- Ramyah Rammohan
Introduction
What is EI?
Integration of people, organization, and technology.
Objective of EI
Emphasize the need for security management and the integration of security across the enterprise.
Integration Problem
Diverse security mechanisms
Background
Security domains - help partition the enterprise network into logical entities.
Trust levels - allow for evaluation of the security needs of each domain.
Tiered networks - provide a model for physically partitioning the enterprise network as per the enterprise security policy.
Outline of Security Management
Security Metrics
E-enterprise security management
E-enterprise security profile (ESP)
FU security capabilities (FUSC)
Security Domain, E-Enterprise Security Profile
Auditing: The security of information systems requires the ability to trace all actions on sensitive objects back to the subjects originating these actions. Application dependent.
Authentication: "authentication is the binding of an identity to a subject" (Bishop, 2002, p. 309). SSO (single sign-on).
Access Control: Protection against unauthorized access to or modification of information.
Contd.
Cryptography: Cryptographic mechanisms not only help in restricting access of secure information to unauthorized subjects, but also provide support to ensure data integrity.
System Protection: This domain includes mechanisms that are used to protect the integrity of the system and data.
Intrusion Detection: Detecting events that represent attempts to breach security.
Perimeter Protection: Preventing unauthorized information exchange at boundaries.
Definition
Definition 1. The e-enterprise security profile is defined as a matrix, ESP, consisting of n + 1 rows and m columns, where:
n = total number of FUs requiring integration
m = total number of security domains
The (n + 1)th row depicts the security requirements for additional centralized control, if required to provide centralized security mechanisms such as single sign-on.
Definition 2. The FU security capabilities are defined as a matrix, FUSC, consisting of n rows and m columns, where n and m are as given in Definition 1.
ESP and FUSC matrix
ESP Matrix
FUSC Matrix
References: Enterprise Information System Assurance and Security - Merrill Warkentin and Rayford Vaughn
Software Metrics
Survivability is defined as "the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents" (Ellison et al., 1997, p. 2).
Privacy is used to quantify the extent of privacy support provided by the e-enterprise.
Confidentiality is used to quantify the degree to which the information or resources of the e-enterprise are concealed.
Integrity quantifies the trustworthiness and correctness of enterprise data or resources.
Contd.
Availability is "the alternation between proper and improper service, and is often expressed as the fraction of time that a system can be used for its intended purpose during a specified period of time" (Nicol, Sanders, & Trivedi, 2004, p. 49).
Accountability signifies the extent to which activities in the e-enterprise are traceable to their sources.
Reliability is the probability that the e-enterprise performs the specified operations, as per its security policy, throughout a specified period of time.
Non-repudiation quantifies the extent to which an enterprise can accurately associate data with its resources.
Security Management
| Software metric | Security domains |
|---|---|
| Survivability | System protection, perimeter protection, intrusion detection |
| Privacy | Authentication, access control, cryptography, system protection, perimeter protection |
| Confidentiality | Authentication, access control, cryptography |
| Integrity | Access control, cryptography, system protection |
| Availability | Intrusion detection, system protection, perimeter protection |
| Accountability | Auditing |
| Reliability | System protection, perimeter protection |
| Non-repudiation | Authentication, auditing, cryptography |
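As an added example (not from the chapter or its authors), the Python below encodes the ESP and FUSC matrices from Definitions 1 and 2 and the metric-to-domain table above as 0/1 matrices, reports which domains each FU leaves uncovered, and maps those gaps to the metrics at risk. The FU contents, the matrix values and the 0/1 encoding (1 = required/provided) are constructed assumptions.

```python
# Added example: ESP vs. FUSC gap analysis for an e-enterprise (constructed data).
DOMAINS = ["Auditing", "Authentication", "Access control", "Cryptography",
           "System protection", "Intrusion detection", "Perimeter protection"]

# Metric -> supporting domains, copied from the chapter's metric/domain table.
METRIC_DOMAINS = {
    "Survivability":   {"System protection", "Perimeter protection", "Intrusion detection"},
    "Privacy":         {"Authentication", "Access control", "Cryptography",
                        "System protection", "Perimeter protection"},
    "Confidentiality": {"Authentication", "Access control", "Cryptography"},
    "Integrity":       {"Access control", "Cryptography", "System protection"},
    "Availability":    {"Intrusion detection", "System protection", "Perimeter protection"},
    "Accountability":  {"Auditing"},
    "Reliability":     {"System protection", "Perimeter protection"},
    "Non-repudiation": {"Authentication", "Auditing", "Cryptography"},
}

def security_gaps(esp, fusc):
    """Return {fu_index: [domains required in ESP but absent in FUSC]}.
    esp is (n+1) x m (last row = centralized control), fusc is n x m."""
    n = len(fusc)
    if len(esp) != n + 1 or any(len(r) != len(DOMAINS) for r in esp + fusc):
        raise ValueError("ESP must be (n+1) x m and FUSC n x m, m = len(DOMAINS)")
    gaps = {}
    for i in range(n):
        missing = [d for j, d in enumerate(DOMAINS) if esp[i][j] and not fusc[i][j]]
        if missing:
            gaps[i] = missing
    return gaps

def centralized_requirements(esp):
    """Domains the (n+1)th ESP row asks the integration layer to provide centrally."""
    return [d for j, d in enumerate(DOMAINS) if esp[-1][j]]

def affected_metrics(missing_domains):
    """Metrics whose supporting domains intersect the uncovered domains."""
    missing = set(missing_domains)
    return sorted(m for m, doms in METRIC_DOMAINS.items() if doms & missing)

# Constructed sample: n = 2 FUs plus the centralized-control row.
ESP = [[1, 1, 1, 1, 1, 0, 0],    # FU 0 requirements
       [1, 1, 1, 1, 1, 1, 1],    # FU 1 requirements
       [0, 1, 0, 0, 0, 0, 0]]    # row n+1: centralized authentication (SSO)
FUSC = [[1, 1, 1, 0, 1, 0, 0],   # FU 0 provides no cryptography
        [0, 1, 1, 1, 1, 1, 0]]   # FU 1 lacks auditing and perimeter protection

if __name__ == "__main__":
    for fu, missing in security_gaps(ESP, FUSC).items():
        print(f"FU {fu}: uncovered {missing}; metrics at risk {affected_metrics(missing)}")
    print("to be provided centrally:", centralized_requirements(ESP))
```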
Conclusion and Future work
The chapter presents a security management framework for enterprise integration. This objective is achieved by categorization of security requirements through security domains and application of security management techniques based on security metrics.
The risk posture is defined in terms of threats (intrusion, insider attack, etc.) and undesirable consequences (loss of confidential information, etc.) that concern the enterprise (I3P, 2003).
The framework supports enterprise managers in allocating limited enterprise resources for providing the required security solutions.
In the future, the plan is to conduct various experiments to verify the efficacy of the proposed approach.
References
Enterprise Information System Assurance and Security: Managerial and Technical Issues, by Merrill Warkentin and Rayford Vaughn
http://www.wikipedia.org/
Questions
- Thank you