Value-driven Security Agreements in Extended Enterprises

Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example

NPS Stands Up New All-Platform Center for Survivability and Lethality

On Jan. 30, the Naval Postgraduate School (NPS) announced the creation of the Center for Survivability and Lethality. The new research and education enterprise is the first interdisciplinary center dedicated to making the broad range of U.S. and allied military, homeland security and critical infrastructure platforms more survivable to attack and more lethal to hostile platforms and systems

The Use of Hosted Enterprise Applications by SMEs: A User Perspective

This paper seeks to deepen our understanding of the engagement of small to medium-sized enterprises (SMEs) in hosted enterprise applications (high complexity e-business applications) in the UK by investigating the relevance of organisational and technical factors through conducting interviews with SME users of hosted applications. The emergence and development of the application service provider (ASP) sector has attracted much interest and highly optimistic forecasts for revenues. Of particular interest in this paper is the emergence of service offerings targeted specifically at SMEs. The paper starts by considering information technology (IT) adoption by SMEs in general before reviewing the provision of hosted enterprise applications in the US and UK. The empirical data collected from SME users of hosted enterprise applications is then analysed in order to produce the key findings and conclusions. From an SME user perspective the key findings to emerge from the study include: i) confirmation that ICT infrastructure was no longer a barrier to adoption, ii) the pragmatic approach taken to security issues, iii) the use of both multiple information systems (hosted and resident) and service providers, iv) the attractiveness of the rental cost model and v) the intention to continue or extend their use of hosted applications within the enterprise. The early promise of the ASP sector appears not to have been generally realised for SMEs in the UK. This study explores the experience of early adopters of this new IT related innovation and identifies some significant business gains experienced by SME users. It also highlights the opportunity for gaining competitive advantage by using hosted enterprise applications to reduce costs. There are very few empirical studies of hosted applications which take a deliberately SME user perspective and this paper make an important contribution in this emerging field

Enterprise reform in China : the evolving legal framework

Enterprise reform in China since 1979 has been supported by accelerated reform of China's legal framework. In the transition to a"socialist market economy", state enterprises will operate independently of the government, may no longer be fully owned or controlled by the state, and will deal with the state and other legal entities through market based transactions. The number of collective (township and village) enterprises has grown rapidly, and in recent years so has the number of private enterprises. This level of economic change requires a commensurate level of legal change. The author describes the legal framework needed for enterprise reform in the world's most populous country. First,it is essential to define the enterprise and its rights and obligations. To define and broaden the autonomy of enterprises, enterprise law and regulations must be reformed. For state and collective enterprises, a goal of legal reform is also to effect the separation of ownership and management. To create a legal environment in which all enterprises - including state enterprises -participate as independent actors, reform is also needed in the following areas. Bankruptcy and competition law, to promote fair effective competition among autonomous enterprises and to ensure the continued protection of the public interest even without direct state management of enterprises. Financial laws, including securities laws and regulations, so enterprise financing can take place in a market driven system rather than through a planning mechanism. Laws governing land use, mortgage financing, and pension and social security systems, to separate employee housing and pension and social security systems from enterprise obligation and henceforth to provide housing pensions, and social security through alternative means. Contract law, to protect the legal rights of enterprises and allow economic transactions between parties to replace administrative controls, and to ensure that the court system and dispute resolution processes function credibly and reliably, thereby making all other reforms enforceable. To make these reforms meaningful, property rights must also be better defined. China's civil code currently offers only a limited definition of the rights of ownership and of an enterprise's rights to sell, transfer, or otherwise dispose of property. The author catalogs these pieces of the legal framework, suggesting where further reform is needed to support enterprise reform; focuses on the reform of state enterprises but also discusses the reform of nonstate enterprises; and touches only lightly on the role of foreign investment but does address the developing framework of patent, trademark, and copyright laws,National Governance,Legal Products,Private Participation in Infrastructure,Legal Institutions of the Market Economy,Judicial System Reform