48 Int. J. Information and Computer Security, Vol. 5, No. 1, 2012 Copyright © 2012 Inderscience Enterprises Ltd. PCIEF: a policy conflict identification and evaluation framework Vimalathithan Subramanian* Department of Integrated Computing, University of Arkansas at Little Rock, 2801 S University Avenue, EIT-579, Little Rock, AR-72204, USA Fax: 501-569-8144 E-mail: sxvimalathit@ualr.edu *Corresponding author Remzi Seker Department of Electrical, Computer, Software, and Systems Engineering Embry-Riddle Aeronautical University, 600 S Clyde Morris Blvd., Daytona Beach, FL 32114-3900, USA Fax: 386-226-6678 E-mail: sekerr@erau.edu Srini Ramaswamy Industrial Software Systems, ABB India Corporate Research Center, Bangalore 560048, India Fax: 501-569-8144 E-mail: srini@ieee.org Rathinasamy B. Lenin Department of Mathematics, University of Central Arkansas, 201 Donaghey Avenue, Conway, AR 72035-0001, USA Fax: 501-450-5662 E-mail: rblenin@uca.edu Abstract: Information system security policies have grown in complexity and the emerging collaborative nature of business has created new challenges in creating and managing such policies. These policies address several domains ranging from access control to disaster recovery and depend not only on the business itself but on socio-political/legal requirements as well. Events like collaborative work or project-based organisational units result in the need to create a new information system security policy for the specific work/project, while maintaining status quo of existing policies. This requires identification