文章基本信息

标题：Ontology of Information Security in Enterprises
本地全文：下载
作者：Stephen Schiavone ; Lalit Garg ; Kelly Summers 等
期刊名称：Electronic Journal of Information Systems Evaluation
电子版ISSN：1566-6379
出版年度：2014
卷号：17
期号：1
页码：71-87
出版社：Academic Conferences Limited
摘要：þÿAbstract: Todayâ ¬!"s global free‑market enterprise is reliant on the interconnectedness of social, economic and political ecosystems. Enterprises no longer maintain a simple unary relationship between its customers and consumers. Enterprises have become an integral part of a complex relationship within the new socio‑ and techno‑ economic paradigm. The cornerstone of this new model is the Internet formed from a collection of eclectic commodity‑based and inconsistently constructed technologies that, at an aggregate level, do not lend themselves to provide a secure and trustworthy channel to conduct or transact business. Enterprises have struggled to implement an appropriate and continuous level of protection in part by underestimating the effect of organizational complexity and not adopting a holistic (systems thinking) approach to the problem of enterprise security. This research paper examines key issues that undermine the ability of enterprises to formulate effective and viable security models and proposes an alternative framework that forms the basis and foundation to engineering more reliable fail‑safe and failâ ¬ secure models. The proposed solution considers the creation of an enterprise‑specific ontology that describes the enterprise as a complex system. A security framework is developed that recognizes the organization as a set of business capabilities that have measureable strategic outcomes against which business decisions regarding security are made. The proposed model advocates symmetry between security prevention, prediction and fail‑safe concepts. To ensure the appropriate use of security, a business value model is defined that is a function of financial, operational and security‑based quality assurance measures. The concept of value chain is used to describe the relationship between an organizationâ ¬!"s strategy and its resources responsible for the execution of its operating plan. Validation of the â ¬ÜEnterprise Ontologyâ ¬!" and â ¬ÜInformation Security Capability‑Driven Frameworkâ ¬!" is obtained from the creation of a business strateg
关键词：þÿ00000000000000000000K00000000000000000000e00000000000000000000y00000000000000000000w00000000000000000000o00000000000000000000r00000000000000000000d00000000000000000000s00000000000000000000:00000000000000000000 00000000000000000000o00000000000000000000n00000000000000000000t00000000000000000000o00000000000000000000l00000000000000000000o00000000000000000000g00000000000000000000y ; f00000000000000000000a00000000000000000000i00000000000000000000l00000000000000000000-00000000000000000000s00000000000000000000e00000000000000000000c00000000000000000000u00000000000000000000r00000000000000000000e ; f00000000000000000000a00000000000000000000i00000000000000000000l00000000000000000000 00000000000000000000s00000000000000000000a00000000000000000000f00000000000000000000e ; r00000000000000000000e00000000000000000000l00000000000000000000i00000000000000000000a00000000000000000000b00000000000000000000i00000000000000000000l00000000000000000000i000000000000000000