GENRE ANALYSIS
Globally, the role of security cannot be overemphasized. Consequently, the role of security policies is vital in providing a framework for addressing existing security challenges. This essay, therefore, gives a glimpse into the ongoing processes by reviewing some of the existing literature. Consequently, this analysis is based on an article titled “Virtual organization security policies: An ontology-based integration approach.” The article is authored by Saravanan Muthaiyah and Larry Kerschberg and was published on 19th October 2007 in volume 9 of the Information Systems Frontiers Journal. The two authors are based at George Mason University. While Kerschberg is based in the Department Information and Software Engineering, Muthaiyah is based in the E-Center for E-Business of the same school. Dr. Kerschberg has a background in Engineering, having received his M. Sc. in Electrical Engineering from the University of Wisconsin at Madison and a Ph.D. in Engineering from Case Western Reserve University in Cleveland Ohio. On the other hand, Dr. Muthaiyah is an Information technology specialist, with expertise in Strategic Knowledge Management.
The 10-page long article has seven sections. These include; introduction, literature review, methodology, understanding security policy, SPDM lifecycle and tools, Mapping in Protégé and reasoning in RacerPro, and lastly a conclusion. The paper has an abstract which seeks to summarize what the paper entails. In this light, the article is focused on integrating security policies between Virtual organizations (VO) and real organizations (RO) using semantic mapping. The study was therefore aimed at developing a common domain model that would be used for security policy, and executed using semantic mapping (Muthaiyah and Kerschberg, 2007). The need for this endeavor was occasioned by the existence of ineffective ways of solving semantic heterogeneity problems.
Delegate your assignment to our experts and they will do the rest.
These challenges include structural heterogeneity, semantic heterogeneity as well as subjective mapping. Likewise, analysis of the VO and ROs from the authentication angle indicated a couple of differences between the policy structures, although most of it is the same. The differences between, and similarities of VO and ROs were exemplified by the X.509 certificate (Muthaiyah and Kerschberg, 2007). This certificate is used in specifying the relationship between the public key and other characteristics such as the subject name, version, validity interval serial number and issuer name. Consequently, the goal of the research was to create a Security Policy Domain Model (SPDM) through ontology mapping.
Currently, there is a considerable increase in the number of information systems which are constantly evolving. The evolution of information systems was initiated by the Grid technology which is known to have been one of the first attempts at solving challenges affecting data type differences (Muthaiyah and Kerschberg, 2007). The Grid technology initiated several collaborations among the VO participants. Thus, synchronization of resource sharing and seamless interactivity among VO became a focus area. Despite these efforts, a few of the challenges remained unresolved. The second approach taken was the use of HTML technology. This technology was applied as a measure for creating solutions to the heterogeneity challenges by carrying out matching in the process of mapping. On the other hand, by using ontology in the resolution of data type differences, the precise specifications that characterize a given domain of discourse are directly initiated. Further, through the incorporation of semantics, ontology produces domains of specified knowledge. As a result, the authors cite that the using of ontologies in resolving data type differences presents the next area of focus. Further, they argue that to bring together the differences, gap analysis which can be achieved through semantic reasoning is requisite. Consequently, mapping of all the objects and attributes between security policies becomes necessary.
This article presents a case study, in which a test was carried to check for consistencies between an RO and a VO. This was done using the RacerPro tool. Using this tool assumes that the mapping is already known while the processing time is unknown, and this aids in carrying out a gap analysis. Consequently, policies are mapped, and where needed integrated. As a result, this research was envisioned to contribute towards fostering innovation in the automated systems that automatically carry out mapping. In pursuit of this, an understanding of security policy was sought. It was established that the meanings of security vary. However, the two most common perspectives were context-dependent and common-dependent with particular needs perspective (Muthaiyah and Kerschberg, 2007). Further, it was established that to deal with the different views, production of a Security Policy Domain Model (SPDM) is critical. This model is useful in creating a concise user interface that is ideal for giving more precise results. Moreover, the authors sought to study SPDM cycles as well as tools. The steps were therefore outlined in ascending order.
This article contributes to the security policy discourse through the creation of an ontology for both VO and RO while keeping a keen focus on SPDM’s authorization security policy (Muthaiyah and Kerschberg, 2007) . This feat is presented in Table 2 of the article and presented in the form of a map, which also incorporates the two entities without compromising the data in any way. The RacerPro is also seen to be of immense importance in this process. The authors, however, note that before mapping, it is prudent to have specific ontologies in the OWL format. Likewise, they should be error-free. This is highlighted in Table 4. In their literary quest, the authors referred to past works of various authors. One notable example is an article titled “Information security policy — what do international information security standards say? This article was authored by Höne and Eloff, was published in Volume 5, Issue 21 of the Computers and Security Journal. The two authors are affiliated with the D epartment of Computer Science, Rand Afrikaans University, South Africa. This article cites that while global information security standards might be a good reference point in the determination of the core components of information security policy, they should not be exclusively relied upon for guidance purposes (Höne & Eloff, 2002). Therefore, Muthaiyah and Kerschberg cited this source to emphasize that a one-size-fits-all scenario does not exist in the development of information security policies.
In conclusion, Muthaiyah and Kerschberg aim at promoting a better understanding of the benefits of ontology mapping. This is via the demonstration of semantic integration of data. This information is vital in establishing a shared information model, trustworthy domain, and federal services.
References
Höne, K., & Eloff, J. H. P. (2002). Information security policy—what do international information security standards say? Computers & Security , 21 (5), 402-409.
Muthaiyah, S., & Kerschberg, L. (2007). Virtual organization security policies: An ontology-based integration approach. Information Systems Frontiers , 9 (5), 505-514.
