Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

X. Su, D. Bolzoni, Pascal van Eck

Research output: Book/ReportReportProfessional

51 Downloads (Pure)

Abstract

In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.
Original languageUndefined
Place of PublicationEnschede
PublisherCentre for Telematics and Information Technology (CTIT)
Number of pages15
Publication statusPublished - 30 Nov 2006

Publication series

NameCTIT Technical Report Series
PublisherCentre for Telematics and Information Technology, University of Twente
No.06-73
ISSN (Print)1381-3625

Keywords

  • SCS-Services
  • METIS-237417
  • SCS-Cybersecurity
  • EWI-7989
  • IR-66571

Cite this

Su, X., Bolzoni, D., & van Eck, P. (2006). Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. (CTIT Technical Report Series; No. 06-73). Enschede: Centre for Telematics and Information Technology (CTIT).
Su, X. ; Bolzoni, D. ; van Eck, Pascal. / Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. Enschede : Centre for Telematics and Information Technology (CTIT), 2006. 15 p. (CTIT Technical Report Series; 06-73).
@book{c03d67a36ed943a899cb0cd22cf3b724,
title = "Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services",
abstract = "In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.",
keywords = "SCS-Services, METIS-237417, SCS-Cybersecurity, EWI-7989, IR-66571",
author = "X. Su and D. Bolzoni and {van Eck}, Pascal",
note = "http://eprints.eemcs.utwente.nl/7989/",
year = "2006",
month = "11",
day = "30",
language = "Undefined",
series = "CTIT Technical Report Series",
publisher = "Centre for Telematics and Information Technology (CTIT)",
number = "06-73",
address = "Netherlands",

}

Su, X, Bolzoni, D & van Eck, P 2006, Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. CTIT Technical Report Series, no. 06-73, Centre for Telematics and Information Technology (CTIT), Enschede.

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. / Su, X.; Bolzoni, D.; van Eck, Pascal.

Enschede : Centre for Telematics and Information Technology (CTIT), 2006. 15 p. (CTIT Technical Report Series; No. 06-73).

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

AU - Su, X.

AU - Bolzoni, D.

AU - van Eck, Pascal

N1 - http://eprints.eemcs.utwente.nl/7989/

PY - 2006/11/30

Y1 - 2006/11/30

N2 - In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.

AB - In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.

KW - SCS-Services

KW - METIS-237417

KW - SCS-Cybersecurity

KW - EWI-7989

KW - IR-66571

M3 - Report

T3 - CTIT Technical Report Series

BT - Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -

Su X, Bolzoni D, van Eck P. Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. Enschede: Centre for Telematics and Information Technology (CTIT), 2006. 15 p. (CTIT Technical Report Series; 06-73).