Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

Abstract EN

Information technology has an enormous influence in many enterprises.

Computers have not only become important devices that people rely on in their daily lives and work, but have also become essential tools for enterprises.

More and more enterprises have shifted their focus to how to prevent outer forces from invading and stealing from networks.

However, many enterprises have disregarded the significance of internal leaking, which also plays a vital role in information management.

This research proposes an information security management approach that is based on context-aware role-based access control (RBAC) and communication monitoring technology, in order to achieve enterprise information security management.

In this work, it is suggested that an enterprise may, first, use an organizational chart to list job roles and corresponding permissions.

RBAC is a model that focuses on different work tasks and duties.

Subsequently, the enterprise may define a security policy to enforce the context-aware RBAC model.

Finally, the enterprise may use communication monitoring technology in order to implement information security management.

The main contribution of this work is the potential it provides to both reduce information security incidents, such as internal information leakage, and allow for effective cost control of information systems.