Elevating the discussion on security management the data centric paradigm

Second IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM 2007

Volumn , Issue , 2007, Pages 84-93

  Grandison, Tyrone ^a   Bilger, Michael ^b   O'Connor, Luke ^c   Graf, Marcel ^d   Swimmer, Morton ^d   Schunter, Matthias ^d   Wespi, Andreas ^d   Zunic, Nev ^b  

^a IBM ALMADEN RESEARCH CENTER   (United States)

^b IBM   (United States)

^c ZURICH FINANCIAL SERVICES   (Switzerland)

^d IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Data security; Management decision making; Resource management; Security

Indexed keywords

DECISION MAKING; INFORMATION MANAGEMENT; MATHEMATICAL MODELS; RISK ANALYSIS;

DATA CENTRIC SECURITY MODEL (DCSM); RESOURCE MANAGEMENT;

SECURITY OF DATA;

EID: 34748912976     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/BDIM.2007.375015     Document Type: Conference Paper

References (21)

1. Privacy Rights Clearinghouse, "A Chronology of Data Breaches", http://www.privacyrights.org/ar/ChronDataBreaches.htm
2. Privacy Rights Clearinghouse, "How Many Identity Theft Victims Are There? What is the Impact? Summary of Survey Findings", http://www.privacyrights.org/ar/idtheftsurveys.htm
3. SANS, "The Ten Most Important Security Trends of the Coming Year", http://www.sans.org/resources/10_security_trends.pdf?ref=2411
4. J. Rachels, "Why Privacy is Important", Philosophy and Public Affairs, Vol. 4, No. 4 (Summer 1975), pp. 323-333.
5. K. Kailing, A. Löser and V.Markl, "Challenges and Trends in Information Management", Datenbank-Spektrum, Volume 6, Number 19, 2006, pp. 15-22.
6. R. Agrawal, J. Kiernan, R. Srikant and Y. Xu. "Hippocratic Databases". Proc. of the 28th Int'l Conf. on Very Large Databases (VLDB 2002), Hong Kong, China, August 2002.
7. J. L. King, "Operational risk : measurement and modeling", Publisher: New York: Wiley, 2001.
8. Securities and Exchange Commission, "Sarbanes Oxley SEC Rules", http://www.sarbanes-oxley.com/section.php?level=1&pub_id=SEC-Rules.
9. Information Systems Audit and Control Association (ISACA), "CobiT4.0: the newest evolution of control objectives for information and related technology, the world's leading IT Control and Governance Framework", http://www.isaca.org/Content/NavigationMenu/ Members_and_Leaders/COBIT6/Obtain_COBIT/COBIT40-Brochure.pdf
10. International Organization for Standardization, "The ISO 17799 Directory", http://www.iso-17799.com/
11. H. Cavusoglu, B. Mishra and S. Raghunathan, "A model for evaluating IT security investments", Communications of the ACM, Vol 47, Issue 7, 2004, Pages 87-92.
12. J. F. Broder, "Risk Analysis and the Security Survey", Publisher: Boston : Butterworth, 2000.
13. R. Young, "Putting Requirements Theory into Practice at Northrop Grumman," , Proceedings of the 14th IEEE International Requirements Engineering Conference (RE'06), 2006.
14. C. B. Haley, J. D. Moffett, R. Laney and B. Nuseibeh, "A framework for security requirements engineering", Proceedings of the 2006 international workshop on Software engineering for secure systems. Pg: 35 - 42. 2006
15. T. Ager, C. Johnson and J. Kiernan, "Policy-Based Management and Sharing of Sensitive Information among Government Agencies", Proceedings of the 25th IEEE Military Communications Conference, Washington DC, USA, October 2006.
16. K. Lefevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu and D. DeWitt. "Limiting Disclosure in Hippocratic Databases". Proc. of the 30th Int'l Conf. on Very Large Databases (VLDB 2004), Toronto, Canada, August 2004.
17. R. Sandhu and P. Samarati, "Access Control: Principles and Practice", IEEE Communications Magazine, vol. 32(9), pp. 40-48. 1994.
18. th National Computer Security Conference, Baltimore, Maryland, U.S.A., pp. 87-96, 20-23 September 1993.
19. L. daCosta, G. Alves and A. Almeida, "Enterprise Security Governance - A practical guide to implement and Control ISG (Information Security Governance)", Proceedings of the 1st IEEE/IFIP International Workshop on Business-Driven IT Management, Vancouver, Canada. April 7, 2006.
20. I. Aib, M. Salle, C. Bartolini, A. Boulmakoul, R. Boutaba and G. Pujolle, "Business Aware Policy Based Management, Proceedings of the 1st IEEE/IFIP International Workshop on Business-Driven IT Management, Vancouver, Canada. April 7, 2006.
21. F. Yip, P. Ray and N. Paramesh, "Enforcing Business Rules and Information Security Policies through Compliance Audits", Proceedings of the 1st IEEE/IFIP International Workshop on Business-Driven IT Management, Vancouver, Canada. April 7, 2006.