DocumentCode
1937856
Title
Enforceability vs. accountability in electronic policies
Author
Breaux, Travis D. ; Antón, Annie I. ; Karat, Clare-Marie ; Karat, John
Author_Institution
North Carolina State Univ., Raleigh, NC
fYear
2006
fDate
5-7 June 2006
Lastpage
230
Abstract
Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance
Keywords
law; security of data; software standards; accountable policies; electronic policies; enforceable policies; information resources; laws; organizational security policies; policy models; requirements complexity; software system regulations; software system security; software system standards; Computer security; ISO standards; Information security; Law; NIST; Personnel; Protection; Software standards; Software systems; Standards organizations;
fLanguage
English
Publisher
ieee
Conference_Titel
Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on
Conference_Location
London, Ont.
Print_ISBN
0-7695-2598-9
Type
conf
DOI
10.1109/POLICY.2006.18
Filename
1631176
Link To Document