and to compare and negotiate the protection level offered by the IS of each
co-operating party.
SPR is built around a knowledge base, which provides a common conceptual
model and a structured framework for representing policies and, on top of that, the
tools for managing policies.
The SPR aims at supporting co-operation of Healthcare Information Systems in
different contexts. However, it can be used in several cases of co-operative IS,
especially when diverse security policies hinder IS co-operation. Using SPR, it is
possible to:
1. Publicize the security policies to all interested parties (stakeholders).
2. Detect and potentially resolve policy conflicts.
3. Assess the adequacy and effectiveness of the security policies in use.
4. Facilitate negotiations aiming to achieve an adequate level of security and privacy.
5. Record the solutions that were provided for reconciling security policies.
Further research could focus on developing a comprehensive Security Policies
Management System, based on the SPR, which will support automatic conflict detection,
negotiation, and conflict resolution.
Further research may focus on developing a method for assessing the completeness
and effectiveness of security policies, based on the framework provided by the SPR.