Article title

Security Management: Technical Solutions vs. Global BPR Investment

Identifiers
Title variants
Publication languages
EN
Abstracts
EN
To face economic constraints, an enterprise organization evolves towards new structures such as a networked enterprise, supply chains, a virtual enterprise or Collaborative Business organizations. This involves an interconnection of both business processes and information systems. In order to protect each partner's own interest, security policies must be developed. These policies have to integrate legal, technical and organizational constraints. In this paper, we present how modular architectures can face these problems.
Year
Volume
Pages
13–34
Physical description
Bibliography: 50 items
Authors
author
  • PRISMa, Bat. B. Pascal, INSA de Lyon, 69621 Villeurbanne Cédex, France
author
  • PRISMa, Bat. B. Pascal, INSA de Lyon, 69621 Villeurbanne Cédex, France
Bibliography
  • [1] Alagar V.S., Periyasamy K.; Specification and verification of secure business transaction systems, Lecture Notes in Computer Science, 2540 (SOFSEM’2002 Proceedings), 2002, pp. 240–252.
  • [2] Alberts C., Dorofee A.; An Introduction to the OCTAVE SM Method., 2001. CERT White paper available at http://www.cert.org/octave/methodintro.html.
  • [3] Alberts C., Dorofee A.; Octave threats profile, 2001. CERT White paper available at http://www.cert.org/archive/pdf/OCTAVEthreatProfiles.pdf.
  • [4] Backes M., Pfitzmann B., Waidner M.; Security in Business Process Engineering, Lecture Notes in Computer Science, 2678 (BPM 2003 Proceedings), 2003, pp. 168–183.
  • [5] Biennier F., Favrel J.; Secure collaborative information system for enterprise alliances: a workflow based approach, ETFA’01 Proceedings, 2, 2001, pp. 33–41.
  • [6] Biennier F.; Security Integration in Inter-enterprise Business Process Engineering, in: H.S. Jagdev, J.C. Wortmann, H.J. Pels, (eds.), Collaborative systems for production management, Kluwer Academic Publishers, 2002, pp. 207–218.
  • [7] Biennier F., Favrel J.; Collaborative business and data privacy: toward a cyber-control?, in: G. Zülch, S. Stowasser, H.S. Jagdev, (eds.), Current trends in production management, ESIM, Shaker Verlag, 5, 2003, pp. 129–135.
  • [8] Biennier F., Favrel J.; Collaborative BP engineering in alliances of SMEs, in: L. Camarinha-Matos, H. Afsarmanesh, (eds.), Processes and foundations for virtual organizations, Kluwer Academic Publishers, 2003, pp. 441–448.
  • [9] Bussler C.; The application of workflow technology in semantic B2B integration, Distributed and Parallel Databases, 12, 2002, pp. 163–191.
  • [10] Carlson T.; Information security management: understanding ISO 17799, 2001. Lucent technology white paper, 23 p. Available at http://www.lucent.com/livelink/0900940380004b70_White_paper.pdf.
  • [11] Cassati F., Discenza A.; Modelling and managing interactions among business processes, Journal of Systems Integration, 10, 2001, pp. 145–168.
  • [12] CISCO Corp.; SAFE: A Security Blueprint for Enterprise Networks, Cisco, 2000. White paper available at http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm.
  • [13] CISCO Corp.; Safe VPN: IPSec Virtual Private Networks in depth, Cisco, 2001. White paper available at http://www.cisco.com/application/pdf/en/us/guest/netsol/ns128/c654/cdccont_0900aecd800b05ad.pdf.
  • [14] Colleran A.; Standardisation Issues for the European Trusted Services – ETS, Final report, 1997, 80 p. Available at ftp://ftp.cordis.lu/pub/infosec/docs/quercus.doc.
  • [15] Common criteria organization, 1999. Common criteria for information technology security evaluation – Part 1: introduction and general model version 2.1 – CCIMB 99-031, 61 p. Available at http://www.commoncriteria.org/docs/PDF/CCPART1V21.PDF.
  • [16] Common criteria organization, 2000. Common criteria an introduction, 20 p. Available at http://www.commoncriteria.org/introductory_overviews/CCIntroduction.pdf.
  • [17] Department of Defence (DoD); Trusted Computer Security Evaluation Criteria – Orange Book, 1985. DOD 5200.28–STD report.
  • [18] Department of Defence (DoD); Trusted network interpretation of the Trusted Computer Security Evaluation Criteria, Red Book, 1987. DoD NCSC-TG-005 report, 332 p.
  • [19] Department Of Defence (DoD); Trusted Database Management system interpretation of the Trusted Computer Security Evaluation Criteria, 1991. DoD NSC-TG-021 report, 145 p.
  • [20] EEC; EEC directive 95/46, 1995. Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
  • [21] EEC; Information Technology Security Evaluation Criteria, 1991. Zip file downloadable at http://www.cordis.lu/infosec/src/crit.htm.
  • [22] EEC Article 29 work group; Data protection working party, 2001. Opinion 8/2001 on the processing of personal data in the employment context – Ref. 5062/En/Final WP48.
  • [23] Evidian Corp.; Access Master SSO – Technical overview, 2001. Available at http://www.evidian.com/evifiles/edocs/SSOTechnicalOverview.pdf.
  • [24] Fisher-Hübner S.; IT-security and privacy, Lecture Notes in Computer Science, 1958, 2001, pp. 35–106.
  • [25] Franck R.L.; Security issues in the virtual corporation, Computers and Security, 15, 1996, pp. 471–476.
  • [26] FTC (Federal Trade Commission); Privacy online: a report to congress, 1998. Report. Available at http://www.ftc.gov/reports/privacy3/priv-23.htm.
  • [27] Grasso A., Meunier J.L., Pagani D., Paraeschi R.; Distributed coordination and workflow on the World Wide Web, The Journal of Distributed Computing, 6, 1997, pp. 175–200.
  • [28] Gudes E., Tubman A.; AutoWF – A secure web workflow system using autonomous objects, Data and Knowledge Engineering, 43, 2002, pp. 1–27.
  • [29] Hunt R.; Internet/intranet firewall security – Policy, architecture and transaction services, Computer Communications, 21, 1998, pp. 1107–1123.
  • [30] Hunt R.; Technological infrastructure for PKI and digital certification, Computer Communication, 24, 2001, pp. 1460–1471.
  • [31] IBM Corp.; IBM Tivoli Access Manager for e-business, 2003. Available at http://www.redbooks.ibm.com/redpapers/pdfs/redp3677.pdf.
  • [32] ISO; ISO/IEC 17799:2000 standard – Information technology, 2000. Code of practice for information security management.
  • [33] Jürjens J.; UMLsec: Extending UML for Secure Systems Development, Lecture Notes in Computer Science, 2460 (UML 2002 Proceedings), 2002, pp. 412–425.
  • [34] Kovacich G.; The ISSO must understand the business and management environment, Computer and Security, 16, 1997, pp. 321–326.
  • [35] Lemieux J.R.; Integrity and the quality of information – part 1, Computer Fraud and Security, March 1997, 1997, pp. 15–19.
  • [36] Lemieux J.R.; Integrity and the quality of information – part 2, Computer Fraud and Security, April 1997, 1997, pp. 14–19.
  • [37] Levitin A.V., Redman T.C.; Data as a resource: properties, implications and prescriptions, Sloan Management Review, fall 1998, 1998, pp. 89–101.
  • [38] Li D., Hu S., Bai S.; A uniform model for authorization and access control in enterprise information platform, Lecture Notes in Computer Science, 2480 (EDCIS 2002 Proceedings), 2002, pp. 180–192.
  • [39] Lin A., Brown R.; The application of security policy to role-based access control and the common data security architecture, Communication, 23, 2000, pp. 1584–1593.
  • [40] Maruster L., Wortmann J., Weijters A., van der Aalst W.; Discovering distributed processes in supply chains, in: H.S. Jagdev, J.C. Wortmann, H.J. Pels, (eds.), Collaborative systems for production management, Kluwer Academic Publishers, 2002, pp. 219–230.
  • [41] Mc Envoy., Whitcombe A.; Structured risk analysis, Lecture Notes in Computer Science, 2437 (InfraSec 2002 Proceedings), 2002, pp. 88–103.
  • [42] Mc Hugh J., Christie A., Allen J.; Defending yourself: the role of intrusion detection systems, IEEE Software, September/October 2000, 2000, pp. 42–51.
  • [43] Neuman B.C., Ts'o T.; Kerberos: An Authentication Service for Computer Networks, IEEE Communications, September 1994, 32,9, 1994, pp. 33–38.
  • [44] Papazoglou M.P.; Web services and Business transactions, World Wide Web Internet and Web Information Systems, 2003 (6), pp. 49–91.
  • [45] Samarati P., Ammann P., Jajodia S.; Maintaining replicated authorizations in distributed database systems, Data & Knowledge Engineering, February 1996, 18,1, 1996, pp. 55–84.
  • [46] Sherwood J.; SALSA: A method for developing the enterprise security architecture and strategy, Computers and Security, 15, 1996, pp. 501–506.
  • [47] Thompson P.B.; Privacy, secret and security, Ethics and Information Technology, 3, 2001, pp. 13–19.
  • [48] Trcek D.; Security policy conceptual modelling and formalization for networked information systems, Computer Communications, 23, 2000, pp. 1716–1723.
  • [49] US Dept Of Commerce; Safe harbor workbook, 2003. Available at http://www.export.gov/safeharbor/sh_workbook.html.
  • [50] Verwoerd T., Hunt R.; Intrusion detection techniques and approaches, Computer Communications, 25, 2002, pp. 1356–1365.
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-article-BUJ3-0004-0099