An Enterprise Level Security Requirements Specification Model

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Evan Anderson Articles by Joobin Choobineh Articles by Michael R. Grimaila

Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 7

An Enterprise Level Security Requirements Specification Model (PDF)

Big Island, Hawaii

January 03-January 06

ISBN: 0-7695-2268-8

	ASCII Text	x
	Evan Anderson, Joobin Choobineh, Michael R. Grimaila, "An Enterprise Level Security Requirements Specification Model," Hawaii International Conference on System Sciences, vol. 7, pp. 186c, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 7, 2005.

	BibTex	x
	@article{ 10.1109/HICSS.2005.88, author = {Evan Anderson and Joobin Choobineh and Michael R. Grimaila}, title = {An Enterprise Level Security Requirements Specification Model}, journal ={Hawaii International Conference on System Sciences}, volume = {7}, year = {2005}, issn = {1530-1605}, pages = {186c}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2005.88}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - An Enterprise Level Security Requirements Specification Model SN - 1530-1605 SP EP A1 - Evan Anderson, A1 - Joobin Choobineh, A1 - Michael R. Grimaila, PY - 2005 KW - null VL - 7 JA - Hawaii International Conference on System Sciences ER -

Evan Anderson, Texas A&M University; College Station, TX

Joobin Choobineh, Texas A&M University; College Station, TX

Michael R. Grimaila, Air Force Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2005.88

A formal model of security requirements for enterprise information technology protection is developed. The model is based on set theory and represented using an Entity-Relationship diagram. Components of the model include high level business objectives and their criticality, business requirements and their utilization, resources and their characterization as protector or protected resources, controls and their effectiveness, threats, vulnerabilities, potential exploits, and the resulting impact. An example representation of a formal relationship is provided. The model provides a canonical representation of enterprise security, enables automation and hence rigorous analysis of the security cost and effectiveness, provides for completeness and consistency checking, and offers a means for what-if as well as comparative analysis of security readiness.

Citation:

Evan Anderson, Joobin Choobineh, Michael R. Grimaila, "An Enterprise Level Security Requirements Specification Model," hicss, vol. 7, pp.186c, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 7, 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.