Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 
Home
 

 
Procedures and Resources for Authors

 
Information and Resources for Volume Editors
 

 
Orders and Subscriptions
 

 
Published Articles

 
Upcoming Volumes
 

 
Contact Us
 

 
Useful External Links
 

 
CRPIT Site Search
 
    

We wish you a happy and safe holiday season and all the best for 2025


Electronic Information Security Documentation

Fung, P., Kwok, L.-f. and Longley, D.

    Effective security management depends upon good risk management, which is itself based upon a reliable risk assessment, involving data collection of all the facets influencing system risk. Such data collection is often an extremely onerous task, particularly if a substantial proportion of the required information is not adequately documented. Hence comprehensive, updated information security documentation is a keystone of good information security management. Whilst the recently emerging information security management standards provide some implicit guidance on the development of documentation; there is relatively little support available for security officers attempting to develop and maintain such documentation. Traditionally textual security documents are not necessarily the most appropriate format for describing the security of large complex, networked systems, subject to frequent updates. It has been suggested [1], [2] that a security officer's workstation, with a database and GUIs, may present a more effective form of security documentation. However, such a tool requires a welldeveloped model of the information system and, as discussed in this paper, a standardised means of representing security entities. This paper proposes an information security model to facilitate the development of electronic security documentation. A proposed security entity classification scheme is first described. Such a classification scheme and the use of object identifiers to identify security entities greatly facilitates the development of a security officer's workstation. The potential of the model for risk assessment and security design is described. A prototype model was developed in Visual Basic to test the concepts proposed, and a Java based model is currently under development at the City University of Hong Kong.
Cite as: Fung, P., Kwok, L.-f. and Longley, D. (2003). Electronic Information Security Documentation. In Proc. First Australasian Information Security Workshop (AISW2003), Adelaide, Australia. CRPIT, 21. Johnson, C., Montague, P. and Steketee, C., Eds. ACS. 25-31.
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS
 

 

ACS Logo© Copyright Australian Computer Society Inc. 2001-2014.
Comments should be sent to the webmaster at crpit@scem.uws.edu.au.
This page last updated 16 Nov 2007