Abstract
In this paper we present an approach for specifying and prioritizing
information security requirements in organizations. It is important
to prioritize security requirements since hundred per cent security is
not achievable and the limited resources available should be directed to
satisfy the most important ones. We propose to link explicitly security
requirements with the organization’s business vision, i.e. to provide business
rationale for security requirements. The rationale is then used as a
basis for comparing the importance of different security requirements.
A conceptual framework is presented, where the relationships between
business vision, critical impact factors and valuable assets (together with
their security requirements) are shown.
| Original language | Undefined |
|---|---|
| Title of host publication | 11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design (EMMSAD2006) |
| Editors | T. Latour, M. Petit |
| Place of Publication | Namur |
| Publisher | Presses Universitaries de Namur |
| Pages | 465-472 |
| Number of pages | 8 |
| ISBN (Print) | 2-87037-525-5 |
| Publication status | Published - May 2006 |
| Event | 11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2006 - Luxembourg, Luxembourg Duration: 5 Jun 2006 → 9 Jun 2006 Conference number: 11 |
Publication series
| Name | |
|---|---|
| Publisher | Presses Universitaries de Namur |
Workshop
| Workshop | 11th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2006 |
|---|---|
| Abbreviated title | EMMSAD |
| Country/Territory | Luxembourg |
| City | Luxembourg |
| Period | 5/06/06 → 9/06/06 |
Keywords
- EWI-2702
- METIS-237430
- IR-65599
- SCS-Services
- SCS-Cybersecurity