BC3I - Towards Requirements Specification for Preparing an Information Security Budget

نویسندگان

  • M. T. Dlamini
  • Mariki M. Eloff
  • Jan H. P. Eloff
  • Karin Höne
چکیده

The entire business landscape finds itself on the verge of a recession because of ongoing global economic turmoil. Thus, there is a heightened need to minimise and mitigate business risk and scrutinise information spending while ensuring compliance with regulatory mandates. This calls for decision makers to become vigilant in their spending and move towards an optimised information security investment. The main aim of this paper is to provide decision makers with a set of requirements to be considered when implementing a cost-effective and optimal information security budget; in a manner that preserve organisations’ information security posture and compliance status. Research reported on in this paper forms part of an ongoing project known as the BC3I (Broad Control Category Cost Indicators) framework.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An automatic test case generator for evaluating implementation of access control policies

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...

متن کامل

A semantic-aware role-based access control model for pervasive computing environments

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...

متن کامل

A model for specification, composition and verification of access control policies and its application to web services

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...

متن کامل

Analysing Security Requirements of Information Systems Using Tropos

Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that secur...

متن کامل

Analysing Security Requirements of Information Systems Using Tropos

Security is an important issue when developing complex information systems, however very little work has been done in integrating security concerns during the analysis of information systems. Current methodologies fail to adequately integrate security and systems engineering, basically because they lack concepts and models as well as a systematic approach towards security. We believe that secur...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009