Back to University of Twente portal
Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services
Su, Xiaomeng and Bolzoni, Damiano and Eck van, Pascal (2007) Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. In: International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2007, October 14-20, 2007, Valencia, Spain.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png) | PDF Restricted to UT campus only: Request a copy 313Kb |
| Abstract: | In this paper we present an approach for specifying
and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session. |
| Item Type: | Conference or Workshop Item |
| Copyright: | © 2007 IEEE |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/65164 |
| Official URL: | http://dx.doi.org/10.1109/SECUREWARE.2007.4385319 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 254936