

Authors: Kearney P.; Brügger L.
Publisher: Springer Publishing Company
ISSN: 1358-3948
Source: BT Technology Journal, Vol. 25, Iss. 1, 2007-01, pp. 141-153
Abstract
The BT Security Research Centre has defined and continues to develop a modelling language and method for representing and analysing ICT security requirements. The language is used to create a model that serves as a medium for communication between consultant and customer, a guide in making decisions, and the basis of a specification for implementing a solution. Three sub-models deal with business and technical requirements of the ICT system; threats, vulnerability and risks; and security measures and processes. The modelling process is iterative, with decisions being driven by optimisation of business value, trading off risk against cost. This paper focuses on aspects of the method dealing with assessment of risk and analysis of requirements for operational risk management.