Abstract
Original language | Undefined |
---|---|
Place of Publication | Enschede |
Publisher | Centre for Telematics and Information Technology (CTIT) |
Number of pages | 15 |
Publication status | Published - 30 Nov 2006 |
Publication series
Name | CTIT Technical Report Series |
---|---|
Publisher | Centre for Telematics and Information Technology, University of Twente |
No. | 06-73 |
ISSN (Print) | 1381-3625 |
Keywords
- SCS-Services
- METIS-237417
- SCS-Cybersecurity
- EWI-7989
- IR-66571
Cite this
Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services. / Su, X.; Bolzoni, D.; van Eck, Pascal.
Enschede : Centre for Telematics and Information Technology (CTIT), 2006. 15 p. (CTIT Technical Report Series; No. 06-73).
Research output: Book/Report › Report › Professional
TY - BOOK
T1 - Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services
AU - Su, X.
AU - Bolzoni, D.
AU - van Eck, Pascal
N1 - http://eprints.eemcs.utwente.nl/7989/
PY - 2006/11/30
Y1 - 2006/11/30
N2 - In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements. Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session.
KW - SCS-Services
KW - METIS-237417
KW - SCS-Cybersecurity
KW - EWI-7989
KW - IR-66571
M3 - Report
T3 - CTIT Technical Report Series
BT - Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services
PB - Centre for Telematics and Information Technology (CTIT)
CY - Enschede
ER -