Managing and Administering Security Infrastructure Controls via Policy 2009-01-3183
Managing the security of the infrastructure and applications for any aviation IT system necessitates some sort of control mechanism(s) for defining how the various components and processes of the system work. This is true for both the network components, applications within the infrastructure, and the various security infrastructure components such as access control mechanisms, intrusion detection systems, etc. The need for a comprehensive, defense in depth, solution to security can only be met if there is an association between the controls regulating the various security components, so that there is a consistent approach to regulating and controlling security.
To meet this need we propose a unifying Global Policy Framework concept, that includes a Policy Workbench for developing and administrating the policies associated with security components and the security infrastructure.