Elevating the Discussion on Security Management: The Data Centric Paradigm

Grandison, Tyrone; Bilger, Michael; O'connor, Leslie M.; Graf, Marcel; Swimmer, Morton; Schunter, Matthias; Wespi, Andreas; Zunic, Nevenko

doi:10.1109/bdim.2007.375015

Cited by 14 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These issues will be investigated in the context of the European project Primelife. Recent interest in moving towards data-oriented architectures [25] and other work in data centric security management [26] may influence future work.…”

Section: Resultsmentioning

confidence: 99%

A Data-Centric Approach for Privacy-Aware Business Process Enablement

Short¹,

Kaluvuri²

2011

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract. In a SOA context, enterprises can use workflow technologies to orchestrate available business processes and their corresponding services and apply business rules or policies to control how they can be used and who can use them. This approach becomes a bit more complex when a set of business processes includes services that derive outside the company's domain and therefore can be difficult to align with existing rules/policies. In the privacy and security domain, access control and policy languages are used to define what actions can be performed on resources, by whom, for what purpose and in what context. In this paper we propose an approach for dealing with the inclusion of internal and/or external services in a business process that contains data handling policies.

show abstract

Section: Resultsmentioning

confidence: 99%

A Data-Centric Approach for Privacy-Aware Business Process Enablement

Short¹,

Kaluvuri²

2011

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

show abstract

“…Different levels of security needs are usually expressed on process data objects ( [16], [17]). As business processes are mainly task-centric (typically a task represents a web service call), we need to relate these data-centric security needs to the tasks of the business process.…”

Section: A Cloud Security Risk Assessment Modelmentioning

confidence: 99%

A Security Risk Assessment Model for Business Process Deployment in the Cloud

Goettelmann

Dahman

Gâteau

et al. 2014

2014 IEEE International Conference on Services Computing

View full text Add to dashboard Cite

Managing security risks on information systems is essential to guarantee their security while handling costs. However, the complexity of risk assessments is greatly increased when data is spread on multiple environments. In this paper we present a security risk assessment model for distributing business processes in a multi-cloud environment. We aim at offering the full power of cloud computing to composite applications while shielding companies from the complexity related to security risk assesments in the Cloud. We also want to give them the capablility to automatically generate secure and cost-effective applications across multiple clouds. Our approach is based on existing risk assessment methodologies, while using the industry recognized IT standards.

show abstract

“…Loss or exposure of data, especially highly sensitive data, can cause a great deal of damage, both tangible and intangible, to the enterprise. Data-centric security has been proposed to provide fine-grained security to important and sensitive data [2]. The concept has gained much enthusiasm among security researchers and practitioners alike, but it has not fully materialized into a practical security system, mostly because enterprises do not have a clear idea of where their sensitive data resides [3].…”

Section: Introductionmentioning

confidence: 99%

An experimental study on the measurement of data sensitivity

Park

Gates

Teiken

et al. 2011

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security

View full text Add to dashboard Cite

Data-centric security proposes to leverage the business value of data to determine the level of overall IT security. It has gained much enthusiasm from the security community, but has not materialized into a practical security system. In this paper, we introduce our recent work towards fine-grained data centric security, which estimates the sensitivity of enterprise data semi-automatically. Specifically, the categories of sensitive data and their relative sensitivities are initially determined by subject matter experts (SMEs). We then apply a suite of text analytics and classification tools to automatically discover sensitive information in enterprise data, such as personally identifiable information (PII) and confidential documents, and estimates the sensitivity of individual data.To validate the idea, we developed a proof-of-concept system that crawls all the files in a personal computer and estimates the sensitivity of individual files and the overall sensitivity level of the computer. We conducted a pilot test at a large IT company with its employees' laptops. The pilot scanned 28 different laptops, in which 2.2 million files stored in various file formats were analyzed. Specifically, the files were analyzed to determine if they contain any of the pre-defined sensitive information, comprising 11 different PII types and 11 sensitive topics. In addition to the sensitivity estimation, we also conducted a risk survey to estimate the risk level of the laptops.We found that, surprisingly, 7% of the analyzed files belong to one of the eleven sensitive data categories defined by the SMEs of the company, and 37% of the files contain at least one piece of sensitive information such as address or person name. The analysis also discovered that the laptops have similar overall sensitivity levels, but a few machines have exceptionally high sensitivity. Interestingly, those few highly sensitive laptops were also most at risk of data loss and of malware infection, according to user survey responses. Furthermore, the tool produces the evidence of the discovered sensitive information including the surrounding context in the document, and thus users can easily redact the sensitive information or move it to a more secure location. Thus, this system can be used as a privacy enhancing tool as well as a security tool.

show abstract

Elevating the Discussion on Security Management: The Data Centric Paradigm

Cited by 14 publications

References 11 publications

A Data-Centric Approach for Privacy-Aware Business Process Enablement

A Data-Centric Approach for Privacy-Aware Business Process Enablement

A Security Risk Assessment Model for Business Process Deployment in the Cloud

An experimental study on the measurement of data sensitivity

Contact Info

Product

Resources

About