Abstract
An enterprise is composed of assets and their inter-relationships. These inter-relationships are manifested in the connection of hardware assets in network architecture, or in the installation of software or information assets in hardware. Policies are used to specify and control access to enterprise assets. Inter-relationships of assets, along with specified policies, can lead to managerial vulnerabilities in the enterprise information system. Threats may exploit these vulnerabilities to breach the security of sensitive assets. This paper discusses a methodology for the specification and validation of security policies for Enterprise Information Systems. The methodology captures enterprise information security requirements, helps specify security policies, detects managerial vulnerabilities and identifies threats to enterprise information systems.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
