The paper discusses the assignment of security clearances to employees in a security conscious organisation. New approaches are suggested for solving two major problems. First, full implementation of the “need‐to‐know” principle is provided by the introduction of data access statements (DAS) as part of an employee’s job description. Second, for the problem of setting up border points between different security clearances, the paper introduces a fuzzy set model. This model helps to solve this problem, effectively connecting it with the cost of security.
Janczewski, L. and Portougal, V. (2000), "“Need‐to‐know” principle and fuzzy security clearances modelling", Information Management & Computer Security, Vol. 8 No. 5, pp. 210-217. https://doi.org/10.1108/09685220010356247Download as .RIS
MCB UP Ltd
Copyright © 2000, MCB UP Limited