Table of contents and references of the thesis "Presenting an Interoperable Information Security Architecture Framework for Inter- and Intra-Organizational Applications"
Contents:
Chapter One: Introduction
1-1 Introduction
1-2 Motivation and background of the research
1-3 Research questions
1-4 Problem definition and scope of the research
1-5 Research method and its evaluation
1-6 Applications and users
1-7 Structure of the thesis
Chapter Two: Overview of the research literature
2-1 Introduction
2-2 Enterprise information security
2-3 Interoperability
2-4 Other related concepts
2-5 Summary
Chapter Three: Enterprise information security architecture frameworks and models
3-1 Introduction
3-2 Holistic frameworks and models compared with partial frameworks
3-2-1 Partial approaches
3-2-2 Holistic frameworks
3-2-3 Critique and comparison of holistic frameworks
3-3 Summary
Chapter Four: Interoperability frameworks and models
4-1 Introduction
4-2 Definition of interoperability
4-3 Interoperability models and frameworks
4-3-1 The LISI model
4-3-2 Organizational interoperability maturity model
4-3-3 Coalition interoperability framework
4-3-4 The SOSI interoperability model
4-3-5 The Athena Interoperability Framework (AIF)
4-3-6 Combined interoperability reference model
4-4 Summary
Chapter Five: Proposed framework for IEISA
5-1 Introduction
5-2 Contextual architecture
5-2-1 What cell (business model)
5-2-2 Why cell (business risk model)
5-2-3 How cell (business process model)
5-2-4 Who cell (model of relationships and structures)
5-2-5 Where cell (business geography model)
5-2-6 When cell (time dependencies model)
5-2-7 Summary
5-3 Conceptual layer architecture
5-3-1 What cell (business attributes profile)
5-3-2 Why cell (control objectives)
5-3-3 How cell (business processes)
5-3-4 Who cell (business entity model)
5-3-5 Where cell (security domain model)
5-3-6 When cell (business lifetimes and deadlines)
5-4 Summary
Chapter Six: Evaluation
6-1 Introduction
6-2 Evaluation against the general rules governing enterprise architecture frameworks
6-3 Case study
6-3-1 Selected organization
6-3-2 Contextual architecture artifacts
6-3-3 Conceptual architecture artifacts
6-3-4 Case study summary
6-4 Comparative evaluation
6-4-1 Tool used
6-4-2 Determining the goal and criteria
6-4-3 First-stage comparison tables
6-4-4 Final comparison
6-4-5 Analysis of results
Chapter Seven: Conclusion
7-1 Introduction
7-2 Review of the thesis
7-3 Revisiting the research objectives
7-4 Limitations of IEISA
7-5 Answers to ambiguities about IEISA
7-5-1 Mapping the contextual and conceptual layers to the logical and implementation layers
7-5-2 Prerequisites and inputs of iEISA
7-5-3 Comprehensiveness of iEISA
7-5-4 Implementability of the framework
7-6 Suggestions and future work
8 - Appendices
8-1 List of abbreviations
8-2 List of translated terms
8-3 Assessment form for the case-study organization according to ISMS items
8-4 Papers derived from the thesis
References
Source:
- Papers derived from the thesis
1. Shariati, M., F. Bahmani, and F. Shams, Enterprise Information Security, A Review of Architectures and Frameworks from Interoperability Perspective, in World Conference on Information Technology. 2010, Elsevier: Turkey.
2. Shariati, M., F. Bahmani, and F. Shams, Information Security Frameworks and Architectures, In the context of enterprises, in World Conference on Internet Security (World-CIS 2011). 2011, IEEE: London, UK.
ATHENA Integrated Project (507849). 2005, Framework for the Establishment and Management Methodology, Deliverable DA1.4.
Scholtz, T., Structure and Content of an Enterprise Information Security Architecture. 2006, Gartner Inc.
Sherwood, J., A. Clark, and D. Lynas, Enterprise Security Architecture: A Business-Driven Approach. 2005: CMP Books.
Sherwood, J., A. Clark, and D. Lynas, Enterprise security architecture whitepaper. SABSA Limited, 2009.
5. Rezaei, Improving interoperability mechanisms to enable run-time integration in ultra-large-scale systems. 1388, Department of Computer Engineering, Islamic Azad University, Science and Research Branch.
Baird, S.A., Government Role and the Interoperability Ecosystem. Journal of Law and Policy for the Information Society, Vol. 5, No. 2, p. 219, Summer 2009.
FEA Consolidated Reference Model Document, F. Agency, Editor. 2005, Federal CIO Council
Zachman, J.A., The Zachman Framework: A Primer for Enterprise Engineering and Manufacturing. 2003, Zachman International.
Grossman, I., FEMA Takes a New Enterprise Architecture Approach to Support DHS. 2009, Department of Homeland Security.
BS 7799, B.G. (BSI), Editor. 1995, United Kingdom Government's Department of Trade and Industry (DTI): United Kingdom.
ISO/IEC 17799. 2000, International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).
ISO/IEC TR 13335 - Guidelines for the management of IT Security. 2001, International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).
ISO/IEC 27000-series (ISMS Family of Standards). 2009, International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Standard of Good Practice(SoGP). 1996, Information Security Forum (ISF).
OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security. 2002, OECD Council
Rees, J., B. Subhajyoti, and E. Spafford, PFIRES: A Policy Framework for Information Security. Communications of the ACM, 2003. 46(7): p. 101-106.
Pilz, A. "Policy-Maker": a toolkit for policy-based security management. in Network Operations and Management Symposium, 2004. NOMS 2004. IEEE/IFIP. 2004.
Galiasso, P., et al. Policy mediation for multi-enterprise environments. in Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference. 2000.
Alam, M. and M.U. Bokhari. Information Security Policy Architecture. in Conference on Computational Intelligence and Multimedia Applications, 2007. International Conference on. 2007.
Claycomb, W. and D. Shin. Enabling mobility in enterprise security management. in Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International. 2006.
Schumacher, M. and D. Witte, Secure Enterprise SOA, Known and New Security Challenges. Datenschutz und Datensicherheit, 2007. 31: p. 652-655.
Gutiérrez, C., E. Fernández-Medina, and M. Piattini, Web Services Enterprise Security Architecture : A Case Study. ACM 1-59593-234-8/05/0011, 2005.
Nakamura, Y., S. Hada, and R. Neyama. Towards the integration of Web services security on enterprise environments. in Applications and the Internet (SAINT) Workshops, 2002. Proceedings. 2002 Symposium on. 2002.
Nagaratnam, N., P. Janson, and J. Dayka, The Security Architecture for Open Grid Services. 2002.
Harrison, M.A., W.L. Ruzzo, and J.D. Ullman, Protection in operating systems. ACM 159593-234-8/05/0011, 1976.
Lampson, B.W., Protection. Proc. 5th Annual Princeton Conf. on Information Science and Systems, 1971: p. 437-443.
Bell, D.E. and L.J. LaPadula, Secure computer systems: mathematical foundations. ESDTR-73-278 Vol, 1973.
Nyanchama, M. and S. Osborn, Information flow Analysis in Role-Based Security Systems, in International Conference on Computing and Information. 1994.
Axel, K., et al., Observations on the role life-cycle in the context of enterprise security management, in Proceedings of the seventh ACM symposium on Access control models and technologies. 2002, ACM: Monterey, California, USA.
Megaache, S., T. Karran, and G.R.R. Justo. A role-based security architecture for business intelligence. in Technology of Object-Oriented Languages and Systems, 2000. TOOLS 34. Proceedings. 34th International Conference on. 2000.
Huin, L. and D. Boulanger. An Agent-Based Architecture to Add Security in a Cooperative Information System. in Signal-Image Technologies and Internet-Based System, 2007. SITIS '07. Third International IEEE Conference on. 2007.
Aagedal, J.O., et al. Model-based risk assessment to improve enterprise security. in Enterprise Distributed Object Computing Conference, 2002. EDOC '02. Proceedings. Sixth International. 2002.
Buck, K., P. Das, and D. Hanf. Applying ROI Analysis to Support SOA Information Security Investment Decisions. in Technologies for Homeland Security, 2008 IEEE Conference on. 2008.
Johansson, E. and P. Johnson, Assessment of Enterprise Information Security - An Architecture Theory Diagram Definition in CSER 2005. 2005: Hoboken, NJ, USA.
Martin, C. and K.A. Abuosba. Utilizing a Service Oriented Architecture for Information Security Evaluation and Quantification. in Business-Driven IT Management, 2007. BDIM '07. 2nd IEEE/IFIP International Workshop on. 2007.
Stephenson, P., S-TRAIS : A Method for Security Requirements Engineering Using a Standards-Based Network Security Reference Model.
Menzel, M., I. Thomas, and C. Meinel. Security Requirements Specification in Service-Oriented Business Process Management. in Availability, Reliability and Security, 2009. ARES '09. International Conference on. 2009.
Hall, G., Identifying and Managing Internal Security Threats in Enterprise Systems. 2009.
Sengupta, A., C. Mazumdar, and A. Bagchi. A formal methodology for detection of vulnerabilities in an enterprise information system. in Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on. 2009.
Kreizman, G. and B. Robertson, Incorporating Security into the Enterprise Architecture Process. 2006, Gartner, Inc.
Anderson, J.A. and V. Rachamadugu. Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure. in IEEE International Conference on Services Computing (SCC '08). 2008.
Korhonen, J.J., M. Yildiz, and J. Mykkanen. Governance of Information Security Elements in Service-Oriented Enterprise Architecture. in Pervasive Systems, Algorithms, and Networks (ISPAN), 2009 10th International Symposium on. 2009.
Jianguang, S. and C. Yan. Intelligent Enterprise Information Security Architecture Based on Service Oriented Architecture. in Future Information Technology and Management Engineering, 2008. FITME '08. International Seminar on. 2008.
Ramachandran, J., Designing security architecture solutions. 2002: Wiley Computer Publishing.
(OISSG), O.I.S.S.G., Information Systems Security Assessment Framework (ISSAF) 2006.
GAO, Department of Homeland Security Enterprise Architecture (DHS), D.o.H. Security, Editor. 2006.
Shariati, M., F. Bahmani, and F. Shams, Enterprise Information Security, A Review of Architectures and Frameworks from Interoperability Perspective, in World Conference on Information Technology. 2010, Elsevier: Turkey.
Smith, D.B., Guide to Interoperability. 2009, Software Engineering Institute, Carnegie Mellon University.
C4ISR, Levels of Information Systems Interoperability (LISI), in C4ISR Interoperability Working Group. 1998 US Department of Defense: Washington. D.C.
Clark, T., Jones, R., Organizational Interoperability Maturity Model for C2, in Proc. of the 1999 Command and Control Research and Technology Symposium. 1999: Washington.
Tolk, A., Beyond Technical Interoperability – Introducing a Reference Model for Measures of Merit for Coalition Interoperability, in 8th International Command and Control Research and Technology Symposium (ICCRTS). 2003: Washington, D.C.
Morris, E., et al., Systems of Systems Interoperability (SOSI): Final Report. 2004, Software Engineering Institute, Carnegie Mellon University.
ATHENA Consortium, ATHENA Interoperability Framework (AIF). 2006, European Commission through the ATHENA IP (Advanced Technologies for interoperability of Heterogeneous Enterprise Networks and their Applications Integrated Project).
54. Razavi, Presenting a novel framework for analyzing the quality attributes of enterprise architecture. 1389, Department of Computer Engineering, Islamic Azad University, Science and Research Branch.
Carney, D., D. Fisher, and P. Place, Topics in Interoperability: System-of-Systems Evolution. 2005, Software Engineering Institute, Carnegie Mellon University.
Berre, A.J., et al., The ATHENA Interoperability Framework. Enterprise Interoperability II, New Challenges and Approaches, (R.J. Goncalves, J.P. Muller, K. Mertins, M. Zelm, Eds.) Springer Verlag London, 2007: p. 569-580.
Knothe, T. and R. Jochem, Quality Criteria for Enterprise Modeling in the context of networked Enterprises. Enterprise Interoperability II, New Challenges and Approaches Springer Verlag London, 2007: p. 149—158.
Zwegers, A., Interoperability Developments for Enterprise Application and Software - roadmaps, in eGovernmentInteroperabilityWorkshop. 2003: Brussels.
95. Dara, A., Presenting an integrated model for assuring the security of service-oriented architecture. 1389, Islamic Azad University, Science and Research Branch, Department of Computer Engineering.
Kang, M., J. Park, and J. Froscher. Access Control Mechanisms for Inter-Organizational Workflow. in Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT ’01). 2001.
Menzel, M., C. Wolter, and C. Meinel, Access Control for Cross-Organizational Web Service Composition. Journal of Information Assurance and Security, 2007: p. 155–160.
ISO/IEC (1996) Information Technology - Open Systems Interconnection - Security Frameworks for Open Systems: Confidentiality Framework (Adopted ISO/IEC 10181-5. Volume,
Sowa, J.F. and J.A. Zachman, Extending and formalizing the framework for information systems architecture. IBM Systems Journal, 1992. 31: p. 590-616.
Saaty, T., The Analytic Hierarchy Process: Planning, Priority Setting, Resource Allocation. 1980, McGraw-Hill.