PRISM: A preventive and risk-reducing integrated security management model using security label

An automated security management integrating various security systems is strongly required because cyber attacks are evolving day after day. Moreover, the attacks are become more complex and intelligent than past. Several integrated security management (ISM) models are supposed and implemented to meet the requirements. However, the current ISM is passive and behaves in a post-event manner. To reduce costs and resources for managing security and to remove the possibility of an intruder succeeding in attacks, the preventive security management technology is strongly required. This paper proposes the PRISM model that is based on tracing important assets in a managed network and performs preventive security management before security incidents occur. Additionally, PRISM model employs security labels to deploy differentiated security measure. The PRISM will provide concrete and effective security management to the organization’s network.