A System Framework of Security Management in Enterprise Systems

After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL-VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real-time mapping via agent or proxy technologies. Copyright (c) 2013 John Wiley & Sons, Ltd.