• Title of article

    A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System

  • Author/Authors

    Anirban Sengupta، نويسنده , , Chandan Mazumdar • Aditya Bagchi، نويسنده ,

  • Issue Information
    روزنامه با شماره پیاپی سال 2011
  • Pages
    24
  • From page
    319
  • To page
    342
  • Abstract
    From information security point of view, an enterprise is considered as a collection of assets and their interrelationships. These interrelationships may be built into the enterprise information infrastructure, as in the case of connection of hardware elements in network architecture, or in the installation of software or in the information assets. As a result, access to one element may enable access to another if they are connected. An enterprise may specify conditions on the access of certain assets in certain mode (read, write etc.) as policies. The interconnection of assets, along with specified policies, may lead to managerial vulnerabilities in the enterprise information system. These vulnerabilities, if exploited by threats, may cause disruption to the normal functioning of information systems. This paper presents a formal methodology for detection of managerial vulnerabilities of, and threats to, enterprise information systems in linear time.
  • Keywords
    Enterprise information security Security management Security algorithm Security policies
  • Journal title
    Journal of Network and Systems Management
  • Serial Year
    2011
  • Journal title
    Journal of Network and Systems Management
  • Record number

    841498