Abstract
Information Security Management Standards and Code of Practice provide guidance on good practice for security officers. However, there is still a significant gap between the security officer’s real-world environment and the advice provided by information security professionals and consultants.
This paper suggests that a uniform approach to security documentation may provide a first step in bridging that gap, and discusses a proposed structure for such documentation. It is clear from this discussion, however, that a first attempt at security documentation reveals a more fundamental problem: the lack of a working security model. Having documented the local security scenario, the security officer requires some means to extract security-relevant information, e.g. to advise management on the current state of organizational security and to recommend security priorities. This paper concludes with a discussion of such a security model.
Copyright information
© 2001 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Kwok, LF., Fung, P.P.K., Longley, D. (2001). Security Documentation. In: Eloff, J.H.P., Labuschagne, L., von Solms, R., Dhillon, G. (eds) Advances in Information Security Management & Small Systems Security. IFIP International Federation for Information Processing, vol 72. Springer, Boston, MA. https://doi.org/10.1007/0-306-47007-1_10
DOI: https://doi.org/10.1007/0-306-47007-1_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7506-7
Online ISBN: 978-0-306-47007-3
eBook Packages: Springer Book Archive