MASTER as a Security Management Tool for Policy Compliance
| Autor: | Bruno Crispo, Valentina Di Giacomo, Gabriela Gheorghe, Domenico Presenza |
|---|---|
| Rok vydání: | 2010 |
| Předmět: |
Cloud computing security
business.industry Computer science Sherwood Applied Business Security Architecture Computer security model Computer security computer.software_genre Security policy Security information and event management Outsourcing ITIL security management Security service Risk analysis (engineering) Network security policy Security management business computer |
| Zdroj: | Towards a Service-Based Internet ISBN: 9783642176937 ServiceWave |
| DOI: | 10.1007/978-3-642-17694-4_29 |
| Popis: | The problem of assessing security mechanisms in dynamic service-oriented architectures remains open. Assessment is particularly important in outsourcing scenarios to provide evidence on how policies across different providers are complied with. This evidence is essential to provide assurance to enterprise management that contractual agreements are satisfied, and if they are not, to what extend and in what conditions. The problem of assessing compliance with rules and regulations is difficult to solve, for several reasons. First, SOA are highly dynamic and distributed, which makes it difficult to monitor and aggregate evidence from different locations of interest. Second, the complexity of the requirements in the policies makes it difficult to associate these requirements with meaningful evidence. The reason is that high-level requirements may require evidence the collection of which needs to be broken down into low level evidence (i.e. operating system logs) that business constraints are satisfied as the application is running. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|