| In the fierce environment of market competition, more and more enterprises have realized the importance of business intelligence. Competitive intelligence activity becoming more active and the means of competitive intelligence being of diversity, the benefits from the working results of competitive intelligence are more significant. Meanwhile, many enterprises have gradually realized the threats and challenges in information security of themselves. They adopt protecting measure to fight against the competitive intelligence activities of competitors, which is known as the Competitive Counter Intelligence.In this paper, firstly, the analysis of security requirements in competitive counter intelligence is given, combining with the objectives of information security policy, we establish a competitive counter intelligence model based on information policy and give the guiding theory for the process of competitive counter intelligence.Combining with SNMP management framework and the policy architecture proposed by the IETF, a security management framework which contains XML/ASN.1 converter and XML encryption/decryption groupware is proposed based on the model built previously, with XML as the policy description language. The framework in the paper has simple structure and good applicability. XML encryption and access control mechanisms strengthen the security in the management process of security policy implementation. The proper policy structure and examples in the framework are also given for the standardized management of policy documents.Since policy implementation and assessment play an important role in competitive counter intelligence, lastly, we establish a security evaluation index system for this framework based on BS7799 standard and propose a process using hierarchical analysis and fuzzy evaluation method to calculate the value of risk. A security evaluation process for the competitive counter intelligence system based on security policy is also given by improving BS7799. |
PDF Full Text Request