Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2004
IEEE
2004
IEEE
Security Policies to Mitigate Insider Threat in the Document Control Domain
With rapid advances in online technologies, organizations are migrating from paper based resources to digital documents to achieve high responsiveness and ease of management. These digital documents are the most important asset of an organization and are hence the chief target of insider abuse. Security policies provide the first step to prevent abuse by defining proper and improper usage of resources. Coarse grained security policies that operate on the "principle of least privilege" [1] alone are not enough to address the insider threat, since the typical insider possesses a wide range of privileges to start with. In this paper, we propose a security policy that is tailored to prevent insider abuse. We define the concept of subject, object, actions, rights, context and information flow as applicable to the document control domain. Access is allowed based on the principles of "least privilege and minimum requirements", subject to certain constraints. Unlike existi...
Real-time Traffic| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2004 |
| Where | ACSAC |
| Authors | Suranjan Pramanik, Vidyaraman Sankaranarayanan, Shambhu J. Upadhyaya |
Comments (0)
Researcher Info
|
