Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

X. Su, D. Bolzoni, Pascal van Eck

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    18 Downloads (Pure)

    Abstract

    In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.
    Original languageUndefined
    Title of host publicationProceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)
    Place of PublicationLos Alamitos
    PublisherIEEE Computer Society
    Pages107-114
    Number of pages8
    ISBN (Print)0-7695-2989-5
    DOIs
    Publication statusPublished - Oct 2007
    EventThe International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07) - Valencia, Spain
    Duration: 14 Oct 200720 Oct 2007

    Publication series

    Name
    PublisherIEEE Computer Society
    NumberWoTUG-31

    Conference

    ConferenceThe International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)
    Period14/10/0720/10/07
    OtherOctober 14-20, 2007

    Keywords

    • EWI-14276
    • SCS-Cybersecurity
    • SCS-Services
    • METIS-254936
    • IR-65164

    Cite this