Organizational modeling for efficient specification of information security requirements

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 1691, Issue , 1999, Pages 247-260

  Leiwo, Jussipekka ^a,b   Gamage, Chandana ^a   Zheng, Yuliang ^a  

^a MONASH UNIVERSITY   (Australia)

^b VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SYSTEMS; SPECIFICATIONS;

COMMUNICATIONS SECURITY; EFFICIENT SPECIFICATIONS; INFORMATION SECURITY REQUIREMENTS; ORGANIZATIONAL MODELING; REQUIREMENT DEPENDENCIES; SECURITY REQUIREMENTS;

SECURITY OF DATA;

EID: 84958970458     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-48252-0_19     Document Type: Conference Paper

References (28)

1. A. Anderson, D. Longley, and L. F. Kwok. Security modeling for organizations. In 2nd ACM Conference on Computer and Communications Security, pages 241-250, Fairfax, VA, USA, 1994. ACM Press.
2. J. Backhouse and G. Dhillon. Structures of responsibility and security of information systems. European Journal of Information Systems, 5(1):2-9, 1996.
3. D. Bailey. A philosophy of security management. In M. D. Abrams, S. Jajodia, and H. J. Podell, editors, Information Security, An Integrated Collection of Essays, pages 98-110. IEEE Computer Society Press, Los Alamitos, CA, USA, 1995.
4. R. Baskerville. Risk analysis as a source of professional knowledge. Computers & Security, 10(8), 1991.
5. R. Baskerville. Information systems security design methods: Implications for information systems development. ACM Computing Surveys, 25(4):375-414, December 1993.
6. D. E. Bell and L. LaPadula. Secure computer systems: Mathematical foundations and model. Technical Report M74-244, MITRE Corporation, Bedford, MA, USA, 1973.
7. Code of practise for information security management. British Standards Institute Standard BS 7799, UK, 1995.
8. International standard ISO/IEC 15408 common criteria for information technology security evaluation (parts 1-3), version 2.0, CCIB-98-026, May 1998.
9. R. Fisher. Information Systems Security. Prentice-Hall, 1984.
10. W. Ford. Computer Communications Security: Principles, Standard Protocols, and Techniques. Prentice Hall, Inc., Englewood Cliffs, NJ, USA, 1995.
11. A. O. Freier, P. Karlton, and P. C. Kocher. The SSL protocol, version 3.0. Internetdraft draft-freier-ssl-version3-02.txt, November 18 1996.
12. J. A. Goguen and J. Mesegeur. Unwinding and inference control. In Proceedings of the 1984 IEEE Symposium on Security and Privacy, 1984.
13. C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall, London, UK, 1985.
14. IT baseline protection manual. BSI, Germany, 1996.
15. B. Lampson. Protection. ACM Operating Systems review, 8:18-24, 1974.
16. L. J. LaPadula. Foreword for republishing of the Bell-LaPadula model. Journal of Computer Security, 4:233-238, 1996.
17. J. Leiwo. Harmonization of Information Security Requirements. PhD thesis, Monash University, 1999.
18. J. Leiwo and Y. Zheng. A formal model to aid documenting and harmonizing of information security requirements. In L. Yngström and J. Carlsen, editors, Information Security in Research and Business, Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC’97), pages 25-38. Chapman & Hall, May 14-161997.
19. J. Leiwo and Y. Zheng. A framework for the management of information security requirements. In Information Security, Proceedings of the First International Workshop, number 1396in Lecture Notes in Computer Science, pages 232-245. Springer-Verlag, 1997.
20. D. McCullough. Specifications for multi-level security and hook-up property. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, pages 161-166, 1987.
21. D. B. Parker. Managers Guide to Computer Security. Prentice-Hall, Inc, Reston, VA, USA, 1981.
22. C. Salter, O. S. Saydjari, B. Schneier, and J. Wallner. Toward a secure system engineering methodology. In Proceedings of the New Security Paradigms Workshop. ACM Press, September 1998.
23. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, pages 38-47, February 1996.
24. S. Smith. LAVA’s dynamic threat analysis. In Proceedings of the 12th National Computer Security Conference, 1989.
25. D. F. Sterne. On the buzzwork ”security policy”. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pages 219-230. IEEE Computer Society Press, 1991.
26. D. Sutherland. A model of information. In Proceedings of the 9th National Computer Security Conference, 1986.
27. R. von Solms. Information security management: The second generation. Computers & Security, 15(4):281-288, 1996.
28. J. D. Weiss. A system security engineering process. In Proceedings of the 14th National Computer Security Conference, 1991.