Information systems security: Scope, state-of-the-art, and evaluation of techniques

摘要

To achieve a certain degree of information systems security different techniques have been proposed and implemented. It is the aim of this paper to form a basis for their evaluation and comparison. For this purpose a general framework of security is established by defining its scope, most common threats against the security, and two kinds of different comparison and evaluation criteria. The first criteria is a set of requirements on the secrecy and confidentiality of information while the second consists of several structural requirements which we believe are essential for a successful and powerful security technique. In our evaluation we include the Discretionary Models, the Mandatory Models, the Personal Knowledge Approach, the Chinese Wall Policy and the Clark and Wilson model of security.