Policies for construction of information systems' security guidelines

IFIP Advances in Information and Communication Technology

Volumn 47, Issue , 2017, Pages 111-120

  Siponen, Mikko T ^a  

^a UNIVERSITY OF OULU   (Finland)

Author keywords

End user guidelines; Security policies

Indexed keywords

INFORMATION SYSTEMS; INFORMATION USE; SECURITY OF DATA; SECURITY SYSTEMS;

END USERS; RESEARCH TRADITIONS; SECURITY POLICY; SMALL SCALE;

CLASSIFICATION (OF INFORMATION);

EID: 25144525048     PISSN: 18684238     EISSN: 1868422X     Source Type: Book Series    
DOI: 10.1007/978-0-387-35515-3_12     Document Type: Conference Paper

References (38)

1. Anderson, R., (1996), A Security Policy Model for Clinical Information Systems. 1996 IEEE Symposium on Security and Privacy.
2. Baskerville, R., (1989), Logical Controls Specification: An approach to information system security. In H. Klein & K. Kumar (eds.) systems development for human progress. Amsterdam: North-Holland.
3. Baskerville, R., (1993), Information Security: Adapting to Survive. Information Systems Security. Vol. 2, no. 1, pp. 40-47.
4. Baskerville, R., (1995), The Second-Order Security Dilemma. in W. Orlikowski, G. Walsham, M. Jones and J. DeGross (Eds.) Information Technology and Changes in Organizational Work. London: Chapman & Hall, pp. 239-249.
5. Boswell, A., (1995), Specification and validation of a security policy model. IEEE Transaction on Software Engineering. February, vol. 21, issue 2, pp. 63-68.
6. Castano, S., Fugini, M., Martell, G., & Samarati, P., (1995), Database Security. Addison­ Wesley.
7. Chalmers, A.F., (1982), What is this thing called science? Second edition, Open University Press.
8. Conorich, D. G., (1996), UNIX Passwords. Information Systems Security. Vol. 7., No. 1.
9. Foley, S.N., (1991), A Taxonomy for Information Flow Policies and Models. Proceedings of the 1991 IEEE Computer Security Symposium on Research in Security and Privacy.
10. Glasgow, J.I & MacEwen, G.H., (1987), The development of proof a formal specification for a multilevel secure system. ACM Transactions on Computer Systems. Vol. 5., issue 2. Pp. 151-184.
11. Hale, R., (1996), End-User Computing Security Guidelines. Information System Security. Vol. 6, No.1.
12. Hare, R.M., (1981 ), Moral Thinking: its levels, methods and point. Oxford University Press, Oxford, UK.
13. Jarvinen, P., (1997), The new classification of research approaches. The IFIP Pink Summary-36 years of IFIP. Edited by H. Zemanek, Laxenburg, IFIP.
14. Jarvinen, P., (2000), Research Questions Guiding Selection of an Appropriate Research Method. Proceedings of the 8th European Conference on Information Systems (ECIS 2000), July 3-5, Vienna.
15. Lichtenstein, S. & Swatrnan, P.M.C., (1997), Internet acceptable usage policy for organizations. Information Management and Computer Security. Vol. 5, no. 5, pp. 182-190.
16. Lindup, K. R., (1995), A New Model for Information Security Policies. Computer & Security, Vol. 14, No. 8, p. 691-695.
17. Lupu, E. & Sloman, M., (1997), A Policy based role object model. Proceedings of the First International Enterprise Distributed Object Computing Workshop. IEEE Computer Society Press.
18. McLean, J., (1990), The specification and modelling of computer security. IEEE Computer. January, vol. 23, issue I, pp. 9-16.
19. Poore, R. S., (1996), The Lowly Password. Information Systems Security. Vol. 7., No. 1.
20. Ross, D., (1930), The Right and the Good. Oxford University Press.
21. Sandhu, R., (1998), Role-Based Access Control. Advances in Computers, Vol.46, Academic Press.
22. Sandhu, R.S, (1993), Lattice-based access controls. IEEE Computer. Pp. 9-19.
23. Sandhu, R., & Samarati, P., (1994), Access Control: Principle and Practice. IEEE Communications vol. 32, issue 9, pp. 40-48.
24. Sibley, E.H., Wexelblat, R.L., Michael, J.B., Tanner, M.C., & Littman, D.C., (1993), The role of policy in requirements definition. Proceedings of the IEEE International Symposium on Requirements Engineering.
25. Spruit, M.E.M, (1998), Competing against human failing. 15th IFIP World Computer Congress. 'The Global Information Society on the Way to the Next Millennium'. SEC, TC11. Vienna.
26. Straub, D. W., (1990), Effective IS Security: An empirical Study. Information System Research. Vol. 1, Number 2, June, p. 255-277.
27. Straub, D.W. & Welke, R.J., (1998), Coping with Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly, Vol. 22, No.4, p. 441-464
28. Summers, R., (1997), Secure Computing: Threats and safeguards. McGraw-Hill.
29. Thomas, R.K. & Sandhu R. S., (1994), Conceptual Foundations for a Model of Task-based Authorizations. Proceedings ofthe 7th IEEE Computer Security Foundations Workshop. Franconia, NH, June.
30. Truex, D.P., Baskerville, R. & Klein, H., (1999), Growing Systems in Emergent Organizations. Communications of the ACM. Vol. 42, No.8, pp. 117-123.
31. Warman, A.R., (1992), Organizational computer security policy: the reality. European Journal oflnformation Systems. Vol. 1, no. 5, pp. 305-310.
32. Wood, C.C., (1995), Writing InfoSec Policies. Computer & Security, Vol. 14, No. 8, p. 667-674.
33. Wood, C.C., (1996a), Constructing difficult-to-guess passwords. Information Management & Computer Security. Vol. 4, no.l, pp. 43-44.
34. Wood, C.C., (1996b), A computer emergency response team policy. Information Management & Computer Security. Vol. 4, no.2.
35. Wood, C.C., (1996c), A Policy for sending secret information over communications networks. Information Management & Computer Security. Vol. 4, no.3.
36. Wood, C.C., (1997a), Part ofthe foundation for secure systems: separation of duties policy. Information Management & Computer Security. Vol. 5, no.1, pp. 18-19.
37. Wood, C.C., (1997b), A secure password storage policy. Information Management & Computer Security. Vol. 5, no.2, pp. 79-80.
38. Yialelis, N., Lupu, E., & Sloman, M., (1996), Role-Based Security for Distributed Object Systems. Proceedings of the 5th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'96).