A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

X. Su, D. Bolzoni, Pascal van Eck

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    12 Downloads (Pure)

    Abstract

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to link explicitly security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. A conceptual framework is presented, where the relationships between business vision, critical impact factors and valuable assets (together with their security requirements) are shown.
    Original languageUndefined
    Title of host publication11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design (EMMSAD2006)
    EditorsT. Latour, M. Petit
    Place of PublicationNamur
    PublisherPresses Universitaries de Namur
    Pages465-472
    Number of pages8
    ISBN (Print)2-87037-525-5
    Publication statusPublished - May 2006
    Event11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2006 - Luxembourg, Luxembourg
    Duration: 5 Jun 20069 Jun 2006
    Conference number: 11

    Publication series

    Name
    PublisherPresses Universitaries de Namur

    Workshop

    Workshop11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2006
    Abbreviated titleEMMSAD
    CountryLuxembourg
    CityLuxembourg
    Period5/06/069/06/06

    Keywords

    • EWI-2702
    • METIS-237430
    • IR-65599
    • SCS-Services
    • SCS-Cybersecurity

    Cite this