Information Technology Reference
In-Depth Information
Chapter 9
Security Aspects
9.1
IT Security as Part of Quality Management
9.1.1 Security Requirements
Security requirements arise on different levels:
At the strategic level and its relation to the overall organisation,
As tools to satisfy certain specifications and
Through groups of people, who are responsible for those specifications.
These different dimensions will be discussed in the following. They are in turn
related to specific risk estimates and possible countermeasures.
9.1.2 Risks
Risks can be categorized multi-dimensionally:
With respect to physical objects
With respect to potential damage
Or as a combination of both.
Additionally risks evolve with the progress of attacks: the further an invader
progresses in a system the higher will be the remaining risk. Risks, however, can
never be completely eliminated.
