Integrated security for enterprise-wide information systems
Disciplines
Computer Sciences (100%)
Keywords
SECURITY,
METAMODEL,
INTEGRATION,
ENTERPRISE-WIDE
Research project P 14029 ISEWIS Roland WAGNER 08.05.2000

Many of today's enterprises maintain their data in a variety of different information systems, possibly on a number of diverse platforms. Often each organizational unit manages information systems of its own, resulting in a great number of isolated applications within one enterprise. Many of the information systems used within an enterprise contain a proprietary security sub-system that supports particular security concepts and maintains its own security information. Thus, security information is scattered over an arbitrary number of applications and information systems, leading to a distributed and, moreover, heterogeneous security infrastructure. Additionally, inconsistencies and mismatches among the security information of local information systems may arise and have to be handled in order to reduce possible threats to security. Obviously, such isolated security solutions are difficult to maintain and hard to administer.

The need is therefore evident for an integrated security infrastructure on top of the isolated security sub-systems, one that allows security infrastructure concepts and information (i.e. the security policy) to be specified for the whole enterprise while offering the possibility to integrate any of the different local security policies. Such a global security infrastructure will allow isolated security information to be integrated into a global concept by performing the required mappings, resulting in integrated security for enterprise-wide information systems (ISEWIS).

In summary, the following issues have to be addressed:

* Central monitoring of security information: allow all security information available within an enterprise to be monitored centrally.
* Central administration of security information: provide a homogeneous interface for administering distributed and heterogeneous security systems, and thus support security administrators in maintaining security information.
* Enterprise-wide security policy: support the definition of a global security policy that is based on enterprise-wide security concepts and security information and integrates the various local security policies.
* Enterprise-wide security system: provide mechanisms like authentication, authorization, access controls, auditing, encryption, etc. on a global, enterprise-wide level.
* Application-tailored security policy: allow the specification of security concepts and information that meet particular application-specific requirements.
* Application-tailored security systems: allow applications to use the globally offered security mechanisms in order to assert their own security policy in accordance with the enterprise-wide security policy.
- Universität Linz - 100%