::back to table of contents:: |
Enterprise Security Planning (ESP) |
|
L. Ertaul, T. Braithwaite, Beryl L. Bellman |
full paper |
Abstract:
Enterprise security planning (ESP) is the aligning of information security policies and practices and applicable security technologies with the business rules and the evolving information models and technical architectures being used by a government agency or business. In this paper ESP is discussed and its security knowledge management tools (SKMT) are proposed along with implementation issues of SKMT with the secure intelligent mobile agents, within the context of prevailing Enterprise Architecture (EA) methodologies - the most notable being the pioneering framework developed and described by Zachman. Using the Zachman Framework as a foundation, we propose the development of an ESP methodology and its implementation using modern analytic methods and techniques. We show that this allows information security to be integrated into the overall Enterprise Architecture (EA) of a Government agency or business. We ensure that the resulting ESP techniques will be compatible with the Federal Enterprise Architecture (FEA) Reference Model, Capital Planning and Investment Control (CPIC) guidelines, and provide the baseline for continuous Security Program Management as required by the Federal Information Security Management Act. With the implementation of ESP’s SKMT elements, we propose an ´´expert in a box´´ solution in which the knowledge to manage a security “incident” exists in the form of a community of intelligent secure mobile agents present within the system itself. |
|
|
|
Keywords:
Enterprise Security Planning, Zachman Framework, Network Security, Mobile Agents Security. |
|
|