科技报告详细信息
Privacy Enforcement with HP Select Access for Regulatory Compliance
Casassa Mont, Marco ; Thyne, Robert ; Bramhall, Pete
HP Development Company
关键词: privacy;    privacy enforcement;    access control;    privacy- aware access control;    regulatory compliance;    data governance;    policy management;   
RP-ID  :  HPL-2005-10
学科分类:计算机科学(综合)
美国|英语
来源: HP Labs
PDF
【 摘 要 】

Regulatory compliance is a hot topic for enterprises. The increasing number of laws, including SOX, GLB, HIPAA and various governmental directives on data protection require enterprises to put in place complex processes to comply with related policies. Among other things, this involves the analysis, modeling, deployment, enforcement and audit of these policies. Privacy management is a core aspect of regulatory compliance. Enterprises store large amounts of personal (confidential) data about their employees, customers and partners. Failure to comply with privacy policies can have serious consequences for their reputation and brand and have negative legal and financial impacts. Most of the solutions in this space address auditing and reporting issues. However, being able to enforce privacy policies on personal data by means of flexible, integrated and adaptive solutions is also very important: at the moment this aspect is still a green field, open to research. This paper describes work done at HP Labs to address this problem and develop a privacy-aware access control system to enforce privacy policies on personal data. A working prototype and a related demonstrator have been implemented, as a proof of concept, by leveraging the HP Select Access product: privacy policies are authored with an extended version of the HP Select Access Policy Builder (via standard plug-ins); related decisions are made by an extended version of the HP Select Access Validator (via standard plug-ins). A brand new "Data Enforcer" has been implemented and integrated with HP Select Access to enforce fine- grained privacy decisions on personal data stored in data repositories. The management of traditional access control policies is integrated with the management of privacy policies. This brings simplicity and rationalises the required set of management and enforcement tools. 36 Pages

【 预 览 】
附件列表
Files Size Format View
RO201804100000979LZ 2463KB PDF download
  文献评价指标  
  下载次数:14次 浏览次数:21次