Application of the Clark-Wilson model for Business Intelligence System security improvement

• Autorzy: Buława P. , Kowalczyk M.

Identyfikatory

DOI

10.5604/01.3001.0009.5444

• Języki publikacji: EN

Abstrakty

EN

This paper presents the theoretical issues of data security in information systems, a practical implementation of the Clark-Wilson model on the example of Business Intelligence tool, performing the function of a telecommunications operator sales module, and an evaluation of the increase of security of the system created, using risk analysis.

Słowa kluczowe

EN

IT security; data integrity; Clark-Wilson Model; Business Intelligence; Information Systems

PL

bezpieczeństwo IT; integralność danych; model Clarka-Wilsona; Business Intelligence; systemy informacyjne

• Wydawca: Foundation for Young Scientists
• Czasopismo: Challenges of Modern Technology
• Rocznik: 2016
• Tom: Vol. 7, no. 3
• Strony: 16--19
• Opis fizyczny: Bibliogr. 14 poz., rys., tab.

Twórcy

autor

Buława P.

• Warsaw University of Technology, Faculty of Electronics and Information Technology, Institute of Telecommunications, Nowowiejska 15/19, 00-665, Warsaw, Poland.

autor

Kowalczyk M.

• Warsaw University of Technology, Faculty of Electronics and Information Technology, Institute of Telecommunications, Nowowiejska 15/19, 00-665, Warsaw, Poland.

Bibliografia

• [1] Buława P.: Implementation and evaluation of the effectiveness of Clark-Wilson data security model on the example of real Business Intelligence system; Master Thesis, 2015.
• [2] Liderman K., Bezpieczeństwo informacyjne, Wydawnictwo Naukowe PWN SA, 2012.
• [3] Molski M., Opala S., Elementarz bezpieczeństwa systemów informatycznych, MIKOM, 2002
• [4] Kenan K., Cryptography in the database: The last line of defence, Pearson Education, Inc 2006
• [5] Anderson R., Security Engineering, Wiley, 2001
• [6] United States Departement of Defense, Trusted Computer System Evaluation Criteria (The Orange Book), 1983, 1985
• [7] Brewer D. F. C., Nash M.J., The Chinese Wall Security Policy, Proceedings of IEEE Symposium on Security and Privacy, 1989
• [8] Ferraiolo D. F., Kuhn D. R., Role Based Access Controls, 15th National Computer Security Conference, 1992
• [9] Ferraiolo D. F., D. Kuhn D. R., Chandramouli R., Role-based Access Control, Artech House, 2003
• [10] Krause M., Tipton H.F., Handbook of information security management, CRC Press LLC, 1997
• [11] Clark D., Wilson D., A Comparison of Commercial and Military Computer Security Policies. Proc. IEEE Symposium on Research in Security and Privacy, 1987.
• [12] Sierocki R., Przegląd koncepcji systemów informatyczno-analitycznych przedsiębiorstw. [W:] Nowoczesne technologie informacyjne w zarządzaniu., Prace Naukowe AE we Wrocławiu nr 1044, Wrocław, s. 295., 2004.
• [13] Liderman K., Analiza ryzyka i ochrona informacji w systemach komputerowych, Wydawnictwo Naukowe PWN SA, 2008.
• [14] ISO/IEC TR 13335-3:1997—Guidelines for the Management of IT Security—Part 3: Techniques for the Management of IT Security.