This paper analyses the process which was employed in defining the securityrnarchitecture for a latest-generation Electronic Toll Collection (ETC) system. It focuses onrnone fundamental operational requirement – the non-repudiation of transactional data and thernevidence of travel in support of the enforcement of tolling events – and uses this to highlightrnthe essential integration between technological capability and operational processes inrndelivering a secure solution.rnPut simply: in a market of off-the-shelf security “solutions”, it is essential at the enterprisernlevel to recognise that security is a process, not a product.rnThe interactions between technical and technological capabilities, operational policies,rnpeople and business processes must be tightly aligned in order to demonstrate that thernenterprise has achieved the non-repudiation of transactional data, and has a sound basis forrntolling.
展开▼