security policy management process within six sigma framework安全策略在6σ管理过程框架.pdf

Journal of Information Security, 2012, 3, 49-58 /10.4236/jis.2012.31006 Published Online January 2012 (http://www.SciRP.org/journal/jis) Security Policy Management Process within Six Sigma Framework Vijay Anand, Jafar Saniie, Erdal Oruklu Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, USA Email: erdal@ Received October 13, 2011; revised November 30, 2011; accepted December 16, 2011 ABSTRACT This paper presents a management process for creating adaptive, real-time security policies within the Six Sigma 6σ framework. A key challenge for the creation of a management process is the integration with models of known Indus- trial processes. One of the most used industrial process models is Six Sigma which is a business management model wherein customer centric needs are put in perspective with business data to create an efficient system. The security pol- icy creation and management process proposed in this paper is based on the Six Sigma model and presents a method to adapt security goals and risk management of a computing service. By formalizing a security policy management process within an industrial process model, the adaptability of this model to existing industrial tools is seamless and offers a clear risk based policy decision framework. In particular, this paper presents the necessary tools and procedures to map Six Sigma DMAIC (Define-Measure-Analyze-Improve-Control) methodology to security policy management. Keywords: Security Management; Security Process; Policy; Threat; Six Sigma 1. Introduction ment is generally referred to as a security policy process.