Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Wednesday 11 March 2009

New Analyst Coverage for Model-Driven Security

IT analyst firm Gartner, today has again raised awareness for model-driven security in Tom Scholtz's report "No More Dr. No: Developing a Strategy for Business-Aligned Information Security" (10 March 2009, ID:G00166010), which advocates that rather than simply saying no to new technology, effectively aligning information security practices with business strategy results in optimized security efforts and investments. Such business alignment requires a multifaceted strategy." The report recommends businesses to "... investigate the potential benefits of modeling-based policy automation. Such technology solutions support the development, implementation and management of security policies that are inherently integrated into the business requirements modeled during IT service solution design.". You can find further information about model-driven security (+ model-driven compliance, model-driven security accreditation,) and about ObjectSecurity's OpenPMF product at

No comments: