Document Type



Security management has become a major concern in today’s e-business systems due to ever-increasing attacks on enterprise servers. This has led to the increasing sophistication of network security tools and systems in e-business networks that involve a number of organizational entities cooperating over computer communication networks. Many large organizations are outsourcing the management of e-business networks. This paper examines the problem of security management in the context of an Management Service Provider (an organization that provides remote management of e-business networks). Existing security tools (e.g., Intrusion Detection Systems (IDS)) assist us in detecting attempts by unauthorized users to get access to networked information resources. However, the management of IDSs offers some interesting challenges (e.g., false alerts). This paper presents a policy-based management framework to solve this problem.