Title :
Representation of security policy for a telecommunications application
Author :
Dobson, John ; Martin, Mike
Author_Institution :
Newcastle upon Tyne Univ., UK
Abstract :
A discussion is given on the nature of a security policy and a distinction is made between the concepts of an organisational security policy and an automated security policy. An organisational security policy is the set of laws, rules and practices that regulate how an organisation manages, protects, and distributes resources in order to achieve specified security objectives. An automated security policy is the set of restrictions and properties that specify how a computing system prevents information and computing resources from being (mis)used to violate an organisational security policy. The authors show how to represent organisational policies in terms of an enterprise model, and how restrictions and properties of the automated policy play a key role in the enforcement of the organisational policy. They also present an example showing how these ideas are applied to security policy issues surrounding the automation of an authorisation function for a telecommunications application
Keywords :
DP management; security of data; telecommunication systems; telecommunications computing; authorisation function; automated security policy; computing resources; computing system; enterprise model; laws; organisational security policy; restrictions; rules; security policy issues; specified security objectives; telecommunications application;
Conference_Titel :
Software Engineering for Telecommunication Systems and Services, 1992., Eighth International Conference on
Conference_Location :
Florence
Print_ISBN :
0-85296-542-7
