电子政策中的可执行性与问责性

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06) Pub Date : 2006-06-05 DOI:10.1109/POLICY.2006.18

T. Breaux, A. Antón, Clare-Marie Karat, J. Karat

{"title":"电子政策中的可执行性与问责性","authors":"T. Breaux, A. Antón, Clare-Marie Karat, J. Karat","doi":"10.1109/POLICY.2006.18","DOIUrl":null,"url":null,"abstract":"Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance","PeriodicalId":169233,"journal":{"name":"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"Enforceability vs. accountability in electronic policies\",\"authors\":\"T. Breaux, A. Antón, Clare-Marie Karat, J. Karat\",\"doi\":\"10.1109/POLICY.2006.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance\",\"PeriodicalId\":169233,\"journal\":{\"name\":\"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/POLICY.2006.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2006.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

摘要

法律、法规、政策和标准正在增加软件系统的复杂性，以确保信息资源既可用又受到保护。为了激发关于当前策略模型如何处理这个问题的讨论，我们调查了一些法规、标准和组织安全策略，以确定这些文档中的元素如何影响人员职责和软件系统安全性。我们提出了一种区分可执行和可问责政策的分类方法，并讨论了两者在实现合规方面的价值

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enforceability vs. accountability in electronic policies

Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how elements in these documents affect both personnel responsibilities and software system security. We present a resulting taxonomy that distinguishes between enforceable and accountable policies and we discuss the value of both in achieving compliance

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)

自引率

0.00%

发文量