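% Conference paper on a uniform structure for security documentation and the
% need for a working security model (IFIP TC11 WG11.1/WG11.2 working conference).
% The citation key is the exporter's identifier and is kept unchanged so existing
% \cite commands still resolve.
% NOTE(review): year is 2002, while the abstract's copyright line and the
% conference date both say 2001 -- confirm against the publisher record.
% NOTE(review): the third editor's surname is recorded as "Solms"; confirm
% whether a name particle was dropped by the exporter.
@inproceedings{2ea683df571a4ab1ac93488ad311f726,
  author    = {Kwok, Lam-For and Fung, Peggy P K and Longley, Dennis},
  title     = {Security Documentation},
  editor    = {Eloff, Jan H. P. and Labuschagne, Les and Solms, Rossouw},
  booktitle = {Advances in Information Security Management \& Small Systems Security},
  series    = {IFIP Advances in Information and Communication Technology},
  publisher = {Springer},
  pages     = {127--139},
  year      = {2002},
  doi       = {10.1007/0-306-47007-1_10},
  isbn      = {9780792375067},
  language  = {English},
  keywords  = {Countermeasures, Risk analysis, Security documentation, Security model, Security standards},
  abstract  = {Information Security Management Standards and Code of Practice provide guidance on good practice for security officers. However there is still a significant gap between the security officer's real world environment and the advice provided by information security professionals and consultants. This paper suggests that a uniform approach to security documentation may provide a first step in bridging that gap, and discusses a proposed structure for such documentation. It is clear from this discussion, however, that a first attempt at security documentation reveals a more fundamental problem, the lack of a working security model. Having documented the local security scenario, the security officer requires some means to extract security relevant information, e.g. to advise management on the current state of organizational security and to recommend security priorities. This paper concludes with a discussion on such a security model. {\textcopyright} IFIP International Federation for Information Processing 2001},
  note      = {IFIP TC11 WG11.1/WG11.2 8th Annual Working Conference on Information Security Management and Small Systems Security; Conference date: 27-09-2001 Through 28-09-2001},
}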