Tyrone Grandison, Michael Bilger, Luke O’Connor, M. Graf, Morton Swimmer, M. Schunter, A. Wespi, Nevenko Zunic
{"title":"提升安全管理的讨论:以数据为中心的范式","authors":"Tyrone Grandison, Michael Bilger, Luke O’Connor, M. Graf, Morton Swimmer, M. Schunter, A. Wespi, Nevenko Zunic","doi":"10.1109/BDIM.2007.375015","DOIUrl":null,"url":null,"abstract":"Corporate decision makers have normally been disconnected from the details of the security management infrastructures of their organizations. The management of security resources has traditionally been the domain of a small group of skilled and technically savvy professionals, who report to the executive team. As threats become more prevalent, attackers get smarter and the infrastructure required to secure corporate assets become more complex, the communication gap between the decision makers and the implementers has widened. The risk of misinterpretation of corporate strategy into technical safe controls also increases with the above-mentioned trends. In this paper, we articulate a paradigm for managing enterprise security called the data centric security model (DCSM), which puts IT policy making in the hands of the corporate executives, so that security decisions can be directly executed without the diluting effect of interpretation at different levels of the Infrastructure and with the benefit of seeing direct correlation between business objective and security mechanism. Our articulation of the DCSM vision is a starting point for discussion and provides a rich platform for research into business-driven security management.","PeriodicalId":414047,"journal":{"name":"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management","volume":"661 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"Elevating the Discussion on Security Management: The Data Centric Paradigm\",\"authors\":\"Tyrone Grandison, Michael Bilger, Luke O’Connor, M. Graf, Morton Swimmer, M. Schunter, A. Wespi, Nevenko Zunic\",\"doi\":\"10.1109/BDIM.2007.375015\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Corporate decision makers have normally been disconnected from the details of the security management infrastructures of their organizations. The management of security resources has traditionally been the domain of a small group of skilled and technically savvy professionals, who report to the executive team. As threats become more prevalent, attackers get smarter and the infrastructure required to secure corporate assets become more complex, the communication gap between the decision makers and the implementers has widened. The risk of misinterpretation of corporate strategy into technical safe controls also increases with the above-mentioned trends. In this paper, we articulate a paradigm for managing enterprise security called the data centric security model (DCSM), which puts IT policy making in the hands of the corporate executives, so that security decisions can be directly executed without the diluting effect of interpretation at different levels of the Infrastructure and with the benefit of seeing direct correlation between business objective and security mechanism. Our articulation of the DCSM vision is a starting point for discussion and provides a rich platform for research into business-driven security management.\",\"PeriodicalId\":414047,\"journal\":{\"name\":\"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management\",\"volume\":\"661 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-05-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BDIM.2007.375015\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BDIM.2007.375015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Elevating the Discussion on Security Management: The Data Centric Paradigm
Corporate decision makers have normally been disconnected from the details of the security management infrastructures of their organizations. The management of security resources has traditionally been the domain of a small group of skilled and technically savvy professionals, who report to the executive team. As threats become more prevalent, attackers get smarter and the infrastructure required to secure corporate assets become more complex, the communication gap between the decision makers and the implementers has widened. The risk of misinterpretation of corporate strategy into technical safe controls also increases with the above-mentioned trends. In this paper, we articulate a paradigm for managing enterprise security called the data centric security model (DCSM), which puts IT policy making in the hands of the corporate executives, so that security decisions can be directly executed without the diluting effect of interpretation at different levels of the Infrastructure and with the benefit of seeing direct correlation between business objective and security mechanism. Our articulation of the DCSM vision is a starting point for discussion and provides a rich platform for research into business-driven security management.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
