Specifying Information Security Needs for the Delivery of High Quality Security Services

X. Su, D. Bolzoni, Pascal van Eck

    Research output: Contribution to conference › Paper › peer-review


    Abstract

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. We propose to explicitly link security requirements with the organizations' business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance.
    Original language: Undefined
    Pages: 112-113
    Number of pages: 2
    Publication status: Published - May 2007
    Event: 2nd IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM '07 - Munich, Germany
    Duration: 21 May 2007 to 23 May 2007

    Workshop

    Workshop: 2nd IEEE/IFIP International Workshop on Business-Driven IT Management, BDIM '07
    Period: 21/05/07 to 23/05/07
    Other: 21-23 May 2007

    Keywords

    • SCS-Cybersecurity
    • IR-74393
    • EWI-18742
    • SCS-Services
