Universal Controls

Universal Controls

Universal controls is a term used within information risk management and information risk assessment (auditing) to represent an information control that can be enforced across multiple applications, systems, or platforms. Universal controls are based on a universal policy language, such as XACML.

Business users and policy analysts can define one set of policies and procedures, then apply it consistently throughout the enterprise, across user identity, roles, business context, time, locations, and dynamically-created groups. The same information controls are rapidly deployed across multiple resources, spanning multiple enterprise systems. Universal controls, built on a 4GL business language, integrate and interoperate within existing network and security infrastructure, and with current directory services used to manage users and information assets. Without having to modify user workflows, the end result delivers protection during data handling and dislosure to prevent data loss, and conflicts of interest when data is shared, across heterogeneous networks.

Companies can use universal controls to protect data in a consistent way across multiple storage sources—such as, fileservers, application data stores, and web-based portals and sites—and across multiple end point devices, for example, desktop or laptop PCs, USB and CD drives, portable devices, and printer and file servers. A single set of universal policies control access, handling, and sharing of information by understanding various actions: standard file operations, printing, e-mail and IM attachment, Web and FTP upload, or sharing on intranet portals or sites, for example. Once deployed, business policies are continuously enforced, including across laptops and portable devices when mobile or operating remotely, whether they are attached to the network or not.

Real-Time, Context-Based, Universal Enforcement

Regardless of the different data sources, end points, and applications and systems a company has deployed, universal controls can monitor information activity across an enterprise, and evaluate business conditions against attempted data access and handling in real time. Based on policy evaluation results, universal controls can actively prevent unauthorized or inappropriate data use, educate users in real time about information activities, automate procedures to assist users, and so forth. This real-time enforcement takes account of business context, such as time of day or day of the week, the application used to access data or open a document, a user’s identity or role, the user or device location, and so on.

As an example: A policy may allow a defined class of users to access, copy or print sensitive company data, but only while using an approved spreadsheet application and only during regular business hours; in other situations, activity is automatically denied and/or users are warned. Once deployed, this policy can protect its target data regardless of the end point type or location, the operating system running, or whether the device is attached to the network or not.

The Flexibility of Open Architecture

For universal controls to be effective, they generally require an open architecture, such as SOA interfaces, Web services, and open APIs. Controls must be easily able to be readily integrated with already existing, deployed commercial or custom applications. Plug-and-play third-party policy enforcement points (PEPs) can be created through integrating a policy decision point (PDPs) with devices, systems and applications for applying universal controls.

The Benefits of Universal Controls

With universal controls, companies that manage information risks benefit from:

* Consistent policy application that achieves high integrity and responsible corporate governance over information handling and disclosure, while preventing data leakage and conflicts of interest risks.

* Higher efficiency through automated policy enforcement and lower costs with a single, centrally-managed policy managing vast numbers of information resources to minimize maintenance costs, enforcement gaps, and errors.

* The agility and speed to respond to new market conditions and changing business initiatives through using a flexible, systematic approach to information controls.

ee also

*XACML
*Compliance
*Data Loss Prevention
*Enterprise software

External links

* [http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml OASIS XACML]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Universal health care — is health care coverage which is extended to all eligible residents of a governmental region. Universal health care programs vary widely in their structure and funding mechanisms, particularly the degree to which they are publicly funded.… …   Wikipedia

  • Universal Life Church — Leader Andre Hensley Geographical areas Worldwide Founder Kirby J. Hensley Origin May 2, 1962 Modesto, California Separation …   Wikipedia

  • Universal usability — refers to the design of information and communications products and services that are usable for every citizen. The concept has been advocated by Professor Ben Shneiderman, a computer scientist at the University of Maryland, College Park. He also …   Wikipedia

  • Universal Handy Interface — (UHI) is a Motorola designed universal interface for mobile phone use (Motorola, Nokia, Siemens AG, Sony Ericsson, Samsung) in Mercedes Benz cars.The mobile phone is placed in a cradle connected to a telephone network unit and operated using the… …   Wikipedia

  • Universal design — Disability Theory and models …   Wikipedia

  • Universal remote — A universal remote is a remote control that can be programmed to operate various brands of one or more types of consumer electronics devices. Low end universal remotes can only control a set number of devices determined by their manufacturer,… …   Wikipedia

  • Universal Fighting System — Infobox Game | subject name= Universal Fighting System image link= image caption = designer= Ryan Miller publisher= Fantasy Flight Games players= 2 ages= 10+ setup time= < 3 minutes playing time= 25 minutes complexity= High strategy= High random… …   Wikipedia

  • Universal Precautions — (in full, Universal Blood and Body Fluid Precautions). A set of procedural directives and guidelines published in August 1987 by the Centers for Disease Control and Prevention (CDC) (as Recommendations for Prevention of HIV Transmission in Health …   Medical dictionary

  • Johnson Controls — Johnson Controls, Inc. Type Public (NYSE: JCI) Founded 1885 …   Wikipedia

  • List of Universal Century locations — This is a list of fictional locations from the Universal Century timeline of the fictional Gundam anime metaseries.The EarthAlthough a large percentage of the Earth s population had been relocated to space, people still lived on Earth. Those left …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”