Formalizing information security requirements
Abstract
Risk analysis, concentrating on assets, threats and vulnerabilities, used to play a major role in helping to identify the most effective set of security controls to protect information technology resources. To successfully protect information, the security controls must not only protect the infrastructure, but also instill and enforce certain security properties in the information resources. To accomplish this, a more modern top‐down approach is called for today, where security requirements driven by business needs dictate the level of protection required.
Citation
Gerber, M., von Solms, R. and Overbeek, P. (2001), "Formalizing information security requirements", Information Management & Computer Security, Vol. 9 No. 1, pp. 32-37. https://doi.org/10.1108/09685220110366768
Publisher
MCB UP Ltd
Copyright © 2001, MCB UP Limited