From risk analysis to effective security management: towards an automated approach

Vassilis Tsoumas (Department of Informatics, Athens University of Economics and Business, Petroupolis/Athens, Greece)
Theodore Tryfonas (Department of Informatics, Athens University of Economics and Business, Petroupolis/Athens, Greece)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 February 2004

Abstract

Effective and risk‐free operation of modern information systems relies heavily on security practices and overall information security management. Usually, organizations perform risk analysis in order to adjust their security practices and controls to an acceptable level of risk. One of the various outputs of a risk analysis is a set of recommended practices expressed in high‐level statements of a natural language. In order to be applied to the real world, it is necessary to technically implement those requirements tailored to the specific organizational context. This is usually performed by experienced individuals. For this technical implementation and the configuration of the information technology facilities, several formal policy languages exist, which define access control policies, roles and responsibilities. This paper describes requirements for a software tool that could assist in the transition from high‐level security requirements to a formal, well‐defined policy language. Such a tool would provide valuable assistance and support in both policy implementation and overall security management.

Citation

Tsoumas, V. and Tryfonas, T. (2004), "From risk analysis to effective security management: towards an automated approach", Information Management & Computer Security, Vol. 12 No. 1, pp. 91-101. https://doi.org/10.1108/09685220410518856

Publisher: Emerald Group Publishing Limited

Copyright © 2004, Emerald Group Publishing Limited
