LogoutWelcome guest
Article Information:
Title:
Formalizing information security requirements
Author(s):
Mariana Gerber, Rossouw von Solms, Paul Overbeek
Journal:
Information Management & Computer Security
Year:
2001
Volume:
Issue:
Page:
32 - 37
ISSN:
0968-5227
DOI:
10.1108/09685220110366768
Publisher:
MCB UP Ltd
Document Access:
Existing customers:
Please login above.
You do not have rights to view the article
Purchase this document:
Price payable:
GBP £13.00
plus handling charge of GBP £1.50
and VAT where applicable.
Purchase
Request this document:
Print or e-mail a document request to your librarian.
Request
Reprints & permissions:
Request
Abstract:
Risk analysis, concentrating on assets, threats and vulnerabilities, used to play a major role in helping to identify the most effective set of security controls to protect information technology resources. To successfully protect information, the security controls must not only protect the infrastructure, but also instill and enforce certain security properties in the information resources. To accomplish this, a more modern top-down approach is called for today, where security requirements driven by business needs dictate the level of protection required.
Keywords:
Information, Organizations, Risk analysis, Security
Article Type:
Research paper