Organizational Modeling for Efficient Specification of Information Security Requirements

Authors:
Jussipekka Leiwo;Chandana Gamage;Yuliang Zheng
Affiliations:
-;-;-
Venue:
ADBIS '99 Proceedings of the Third East European Conference on Advances in Databases and Information Systems
Year:
1999

Citing 12
Cited 2

Communicating sequential processes

Communicating sequential processes
Risk analysis as a source of professional knowledge

Computers and Security
Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
Computer communications security: principles, standard protocols and techniques

Computer communications security: principles, standard protocols and techniques
Security modelling for organisations

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Role-Based Access Control Models

Computer
A formal model to aid documenting and harmonizing of information security requirements

SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
Toward a secure system engineering methodolgy

Proceedings of the 1998 workshop on New security paradigms
Foreword

Journal of Computer Security
Information Systems Security

Information Systems Security
A Framework for the Management of Information Security

ISW '97 Proceedings of the First International Workshop on Information Security
Protection

ACM SIGOPS Operating Systems Review

A Mechanism for Deriving Specifications of Security Functions in the CC Framework

DEXA '99 Proceedings of the 10th International Conference on Database and Expert Systems Applications
Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach

Information Resources Management Journal

Quantified Score

Hi-index	0.01

Visualization

Abstract

Functional security requirements of information systems can roughly be classified into two: computer security requirements and communications security requirements. Challenges for developing notations for expressing these requirements are numerous, most importantly the difficulty of dealing with layers of abstraction, flexibility to adapt into many types of requirements, groupings of requirements, and requirement dependencies. Many frameworks for dealing with information security highlight the importance of a properly defined organization of security but fail to establish models to support the specification. This paper establishes one such model and demonstrates how the above difficulties can be overcome through extensive application of organizational modeling of information security.