Abstract
A formal top-down model is presented to aid the documentation and harmonization of information security requirements. The model formalizes the layered development of information security, in which top-level abstract objectives, strategies and policies are refined step by step into concrete protection measure specifications. The model consists of a static part and a dynamic part: the static part describes the organization, and the dynamic part describes the refinement of requirements. Its major functions are horizontal and vertical harmonization functions, used to transfer requirements to lower levels of abstraction and to identify the requirements for secure interoperation of systems on each layer. Applying the model therefore consists of two parts: specifying the organization and specifying the requirement harmonization functions.
© 1997 Springer Science+Business Media Dordrecht
Leiwo, J., Zheng, Y. (1997). A Formal model to aid documenting and harmonizing of information security requirements. In: Yngström, L., Carlsen, J. (eds) Information Security in Research and Business. IFIP — The International Federation for Information Processing. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35259-6_3
DOI: https://doi.org/10.1007/978-0-387-35259-6_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5481-0
Online ISBN: 978-0-387-35259-6