| The security perimeter, which once was simply defined as the fence around the premises of an organisation, is becoming increasingly flexible and adaptable to the environment and the circumstances. We call this process re-perimeterisation (ReP). The effects of ReP are felt in the digital domain (where data moves from organisation to organisation through networks), the social domain (where one individual may play a variety of roles in cooperating organisations) and the physical domain (where appliances such as mobile phones and laptops move around). ReP brings about new security risks because of the difficulty of keeping the domains aligned. For example, stealing a laptop (social domain) with a motion sensor triggers an alarm (physical domain), which then selects a security policy that blocks access to all sensitive data (digital domain). By making the security perimeter explicit in business processes, security policies and security mechanisms, we intend to foster alignment of the three domains. This would then mitigate the risks of ReP. |
