Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

X. Su; D. Bolzoni; Pascal van Eck

doi:10.1109/SECUREWARE.2007.4385319

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

X. Su, D. Bolzoni, Pascal van Eck

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

21 Downloads (Pure)

Abstract

In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.

Original language	Undefined
Title of host publication	Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)
Place of Publication	Los Alamitos
Publisher	IEEE Computer Society
Pages	107-114
Number of pages	8
ISBN (Print)	0-7695-2989-5
DOIs	https://doi.org/10.1109/SECUREWARE.2007.4385319 https://doi.org/10.1109/SECUREWARE.2007.42
Publication status	Published - Oct 2007
Event	The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07) - Valencia, Spain Duration: 14 Oct 2007 → 20 Oct 2007

Publication series

Name
Publisher	IEEE Computer Society
Number	WoTUG-31

Conference

Conference	The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)
Period	14/10/07 → 20/10/07
Other	October 14-20, 2007

Keywords

EWI-14276
SCS-Cybersecurity
SCS-Services
METIS-254936
IR-65164

Access to Document

SU-HighQualitySecurityServices

Cite this

Su, X., Bolzoni, D., & van Eck, P. (2007). Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. In Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07) (pp. 107-114). [10.1109/SECUREWARE.2007.42] IEEE Computer Society. https://doi.org/10.1109/SECUREWARE.2007.4385319, https://doi.org/10.1109/SECUREWARE.2007.42

@inproceedings{678669d591d445648378acc205cbc471,

title = "Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services",

abstract = "In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization{\textquoteright}s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.",

keywords = "EWI-14276, SCS-Cybersecurity, SCS-Services, METIS-254936, IR-65164",

author = "X. Su and D. Bolzoni and {van Eck}, Pascal",

note = "10.1109/SECUREWARE.2007.42 ; null ; Conference date: 14-10-2007 Through 20-10-2007",

year = "2007",

month = oct,

doi = "10.1109/SECUREWARE.2007.4385319",

language = "Undefined",

isbn = "0-7695-2989-5",

publisher = "IEEE Computer Society",

number = "WoTUG-31",

pages = "107--114",

booktitle = "Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)",

address = "United States",

}

Su, X, Bolzoni, D & van Eck, P 2007, Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. in Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)., 10.1109/SECUREWARE.2007.42, IEEE Computer Society, Los Alamitos, pp. 107-114, The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07), 14/10/07. https://doi.org/10.1109/SECUREWARE.2007.4385319, https://doi.org/10.1109/SECUREWARE.2007.42

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. / Su, X.; Bolzoni, D.; van Eck, Pascal.

Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07). Los Alamitos : IEEE Computer Society, 2007. p. 107-114 10.1109/SECUREWARE.2007.42.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

AU - Su, X.

AU - Bolzoni, D.

AU - van Eck, Pascal

N1 - 10.1109/SECUREWARE.2007.42

PY - 2007/10

Y1 - 2007/10

N2 - In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.

AB - In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.

KW - EWI-14276

KW - SCS-Cybersecurity

KW - SCS-Services

KW - METIS-254936

KW - IR-65164

U2 - 10.1109/SECUREWARE.2007.4385319

DO - 10.1109/SECUREWARE.2007.4385319

M3 - Conference contribution

SN - 0-7695-2989-5

SP - 107

EP - 114

BT - Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07)

PB - IEEE Computer Society

CY - Los Alamitos

Y2 - 14 October 2007 through 20 October 2007

ER -

Su X, Bolzoni D, van Eck P. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. In Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE '07). Los Alamitos: IEEE Computer Society. 2007. p. 107-114. 10.1109/SECUREWARE.2007.42 doi: 10.1109/SECUREWARE.2007.4385319, 10.1109/SECUREWARE.2007.42