A Formal model to aid documenting and harmonizing of information security requirements

Abstract

A formal top down model shall be presented to aid documentation and harmonization of information security requirements. The model formalizes layered development of information security, where top level abstract objectives, strategies and policies are step by step refined into concrete protection measure specifications. The model consists of static and dynamic parts, where static part refers to the organization, and dynamic part to the refinement of requirements. Major functions are horizontal and vertical harmonization functions used to transfer requirement into lower levels of abstraction, and to identify requirements of secure inter-operation of systems on each layer. Application of the model then consists of two parts: specification of the organization and specification of requirement harmonization functions.