Title of article
A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System
Author/Authors
Anirban Sengupta، نويسنده , , Chandan Mazumdar • Aditya Bagchi، نويسنده ,
Issue Information
روزنامه با شماره پیاپی سال 2011
Pages
24
From page
319
To page
342
Abstract
From information security point of view, an enterprise is considered as a
collection of assets and their interrelationships. These interrelationships may be
built into the enterprise information infrastructure, as in the case of connection of
hardware elements in network architecture, or in the installation of software or in
the information assets. As a result, access to one element may enable access to
another if they are connected. An enterprise may specify conditions on the access of
certain assets in certain mode (read, write etc.) as policies. The interconnection of
assets, along with specified policies, may lead to managerial vulnerabilities in the
enterprise information system. These vulnerabilities, if exploited by threats, may
cause disruption to the normal functioning of information systems. This paper
presents a formal methodology for detection of managerial vulnerabilities of, and
threats to, enterprise information systems in linear time.
Keywords
Enterprise information security Security management Security algorithm Security policies
Journal title
Journal of Network and Systems Management
Serial Year
2011
Journal title
Journal of Network and Systems Management
Record number
841498
Link To Document