In the standards and business community and in the academic community there have been a number of attempts to design methodologies and support tools to capture security engineering. On one side we have industry standards for drafting organizational privacy and security policies, but these offer no methodological tool for actually making the design decisions. On the other side, we have complex methodologies for design decisions on security that do not seem to have the capability to scale up to the complexity that real case studies call for.
In the deliverable document "State of the art in Organisation & Business", the latest trends and evolutions are described through methodologies (for actually deriving the solutions from the informal requirements), languages (used for describing properties), systems and solutions (that support the languages or that are an implementation of the languages) and industry/academic standards. Six areas have been defined:
- Security Engineering
- Dependability Engineering
- Privacy Engineering
- Content Protection systems
- Business Models and Security
- Legal models and Management standards
Indeed, a number of management standards exist to specify security policies at the organizational level that can eventually be refined down to low-level protection measures. The EU legislation and the national legislations that implement it also have similar template forms and guidance for privacy and security policies.
Yet the standards do not deal with the choice between alternatives; they only offer a classification and structure to the security experts who will lay down the policy. Only recently have a number of proposals started to design methodologies to support the structured design of security policies and security solutions at the enterprise level. Indeed, in the IT market it is often the case that the drafting of a security policy is outsourced to consultants who simply describe the existing situation of the corporation.