Comparing Access Control Security Policies: A Case Study Using SBVR
KTH, School of Information and Communication Technology (ICT).
2012 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

Companies today are increasingly required to interconnect their information systems with those of partners and suppliers in order to be competitive in a global marketplace. This raises the problem of how to compare the security policies of two different companies when they need to agree upon a single security policy. Can a comparison of two access control policies made through Semantics of Business Vocabulary and Business Rules (SBVR) be more appropriate than the traditional way of intuitively comparing two information security policies?

In this research, a case study has been conducted, with questionnaires as the data collection approach. In the case study, the degree of policy statement similarity between Company A and Company B has been calculated. Both calculations, one for SBVR and one for traditional policy statements, were based on the questionnaire results of Company A and Company B.

This research has revealed that an SBVR-applied policy is more appropriate for comparing two company policies than a traditional written policy. By applying SBVR to the policy statements, Company A and Company B had their policies in the same structure, namely the SBVR format. They could clearly identify the similar part of the policy statements (70%, calculated from the results of the second questionnaire in this case study) agreed by both companies.

Place, publisher, year, edition, pages
2012.
Series
Trita-ICT-EX, 2012:278
Keyword [en]
SBVR, business vocabulary, business rules, access control, security policy, comparing
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:kth:diva-108306
OAI: oai:DiVA.org:kth-108306
DiVA: diva2:579886
Educational program
Master of Science - Information and Communication Systems Security
Uppsok
Technology
Examiners
Available from: 2012-12-20 Created: 2012-12-20 Last updated: 2012-12-20 Bibliographically approved

Open Access in DiVA

fulltext (1150 kB), 250 downloads
File information
File name: FULLTEXT01.pdf
File size: 1150 kB
Checksum SHA-512:
dbb0ea8c93e524a7cfd4338a0247b4efc9217d037d60636217ca4b4b0a358b85ee21bf25fa069243e3c2baed1978f05d65c9d0a2e5e3292208cabddea9726ff0
Type: fulltext
Mimetype: application/pdf
