
3.1.3 Properties of Metapolicies

Metapolicies by Hosmer are primarily introduced to provide control for the organisation, the automated information system, and the security subsystem.

They differ vastly in scope and significance. There are several metapolicies for every (security) policy, and one metapolicy may coordinate many policies. General rules (guidance) always apply to the creation of metapolicies. In addition, some situations have rules of their own, while others do not. Making implicit information explicit is a subjective process, so agreement on it must be found.

As a result of the definition and the aim of introducing metapolicies, there will be metapolicies about metapolicies.

Metapolicies can consist of a single value or can be implemented in modular and layered data structures. These layers may correspond to the layers of the organisation, the layers of the computer system, or layers of security policies.

Changes or additions to metapolicies are security-relevant events, because metapolicies are as critical as security policies. Therefore, metapolicies must be audited in the same way as security policies.
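The layered structure and the audit requirement described above can be combined in one small store; the following is an added illustration, not code from Hosmer or from this document. The layer names, the `metapolicy_editors` metapolicy (a metapolicy about metapolicies) and the SHA-256 hash chain over the audit records are assumptions chosen for the sketch.

```python
import hashlib
import json

# Layer names are assumptions; the text only says layers may mirror the
# organisation, the computer system, or the security policies.
LAYERS = ("organisation", "system", "security_policy")
GENESIS = "0" * 64


class MetapolicyStore:
    def __init__(self, editors):
        self.layers = {layer: {} for layer in LAYERS}
        self.audit_log = []
        # A metapolicy about metapolicies: who may add or change them.
        self.layers["organisation"]["metapolicy_editors"] = list(editors)
        self._audit("bootstrap", "addition", "organisation",
                    "metapolicy_editors", None, list(editors))

    def set(self, actor, layer, name, value):
        """Add or change a metapolicy; every attempt is audited."""
        if layer not in self.layers:
            raise KeyError(f"unknown layer: {layer}")
        allowed = actor in self.layers["organisation"]["metapolicy_editors"]
        exists = name in self.layers[layer]
        event = ("change" if exists else "addition") if allowed else "denied"
        old = self.layers[layer].get(name)
        if allowed:
            self.layers[layer][name] = value
        self._audit(actor, event, layer, name, old, value)
        return allowed

    def _audit(self, actor, event, layer, name, old, new):
        # Each record carries the digest of its predecessor (hash chain).
        prev = self.audit_log[-1]["digest"] if self.audit_log else GENESIS
        rec = {"seq": len(self.audit_log), "actor": actor, "event": event,
               "layer": layer, "name": name, "old": old, "new": new,
               "prev": prev}
        rec["digest"] = _digest(rec)
        self.audit_log.append(rec)

    def audit_log_intact(self):
        """Recompute the hash chain; False if any record was altered."""
        prev = GENESIS
        for i, rec in enumerate(self.audit_log):
            body = {k: v for k, v in rec.items() if k != "digest"}
            if (rec["seq"], rec["prev"], rec["digest"]) != (i, prev, _digest(body)):
                return False
            prev = rec["digest"]
        return True


def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
```

Because the editor list is itself stored as a metapolicy, changing it goes through the same `set` path and leaves the same kind of audit record as any other metapolicy change.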

Metapolicies are considered to be very important in trusted systems, because they control key functions like the processing of policies and the coordination of policies. They support the control of policies, help to standardise the policy formats and improve the interchangeability of policies.

The development of graphic techniques, such as those used in the field of databases, can help to visualise the metapolicy relationships, groupings, and interactions between metapolicies and between policies and metapolicies.


Copyright Munich Network Management Team