Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

Share/Save/Bookmark

Su, X. and Bolzoni, D. and Eck, P.A.T. (2006) Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. [Report]

[img]
Preview
PDF
183kB
Abstract:In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is
not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business
rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements.
Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.
Item Type:Report
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/66571
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page

Metis ID: 237417