On the buzzword `security policy'
Sterne, D.F.
Research in Security and Privacy, 1991. Proceedings., 1991 IEEE Computer Society Symposium on
20-22 May 1991, Page(s): 219-230
Digital Object Identifier 10.1109/RISP.1991.130789
Summary: It is pointed out that, although the term `security policy' is
fundamental to computer security, its conflicting meanings have obscured
important conceptual distinctions, especially where concerns other than
confidentiality are involved. A clearer definition is needed to clarify
routine technical discourse, facilitate resolution of key research
issues, and establish the scope of security research and standardization
efforts. The terms security policy objective, organization security
policy, and automated security policy are proposed. These terms are
based on simple generalizations of ideas that underlie the trusted
computer system evaluation criteria (TCSEC). Yet, they describe a view
of security that is more precise, more general, and different than
`confidentiality, integrity, and assured service'. Their usefulness in
clarifying conceptual and terminological issues is illustrated through
examples.