Su, X. and Bolzoni, D. and van Eck, P.A.T.
A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements.
Technical Report TR-CTIT-06-08,
Centre for Telematics and Information Technology University of Twente, Enschede.
There is a more recent version of this eprint available. Click here to view it.
Full text available as:
Official URL: http://arxiv.org/abs/cs.CR/0603129
In this paper we present an approach for specifying and prioritizing
information security requirements in organizations. It is important
to prioritize security requirements since hundred per cent security is
not achievable and the limited resources available should be directed to
satisfy the most important ones. We propose to link explicitly security
requirements with the organization’s business vision, i.e. to provide business
rationale for security requirements. The rationale is then used as a
basis for comparing the importance of different security requirements.
A conceptual framework is presented, where the relationships between
business vision, critical impact factors and valuable assets (together with
their security requirements) are shown.
|Item Type:||Internal Report (Technical Report)|
|Research Group:||EWI-IS: Information Systems, EWI-DIES: Distributed and Embedded Security|
|Research Program:||CTIT-ISTRICE: Integrated Security and Privacy in a Networked World|
|Research Project:||IPID: Integrated Policy-based Intrusion Detection|
|Deposited On:||28 April 2006|
Available Versions of this Item
Export this item as:
To correct this item please ask your editor
Repository Staff Only: edit this item