BC3I - Towards Requirements Specification for Preparing an Information Security Budget
نویسندگان
چکیده
The entire business landscape finds itself on the verge of a recession because of ongoing global economic turmoil. Thus, there is a heightened need to minimise and mitigate business risk and scrutinise information spending while ensuring compliance with regulatory mandates. This calls for decision makers to become vigilant in their spending and move towards an optimised information security investment. The main aim of this paper is to provide decision makers with a set of requirements to be considered when implementing a cost-effective and optimal information security budget; in a manner that preserve organisations’ information security posture and compliance status. Research reported on in this paper forms part of an ongoing project known as the BC3I (Broad Control Category Cost Indicators) framework.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملAnalysing Security Requirements of Information Systems Using Tropos
Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that secur...
متن کاملAnalysing Security Requirements of Information Systems Using Tropos
Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that secur...
متن کامل