Determining Communication and Information Security Requirements

After you establish your security goals, determine what levels of security are required for specific types of information to meet your goals. This involves the following activities:

  • Creating information and communication scenarios that reflect the types of information you must protect and the flow of information between entities on your networks.

  • Determining the security levels that are required for each scenario.

  • Defining the technical requirements for meeting the security goals.

For example, you might develop three different scenarios that reflect the information transfer in your company. One scenario might be private e-mail communication between executive staff members. A second scenario might be Web-based project collaboration and information sharing for classified product development projects. A third scenario might be network traffic and communication between members of the legal department.

In the first scenario, you might determine that communication between executive staff members requires secure, confidential e-mail messages that can be read only by the executive staff and a few other approved staff. You might also determine that the technology that is implemented must be strong and safe from attacks.

In the second scenario, you might determine that only approved members of the project team can have access to Web site content. You might also determine that some types of highly classified information require very secure protection when they are transmitted over the network.

In the third scenario, you might determine that all network traffic between computers in the legal department must be very securely protected. You might also determine that communication with computers outside the legal department is not to be allowed.

On the basis of the requirements that you identify during this process, you can choose security measures that meet your requirements at the acceptable level of risk and acceptable level of cost.
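The three scenarios above can be written down as rules that a planned set of communication flows is checked against, which turns "determine the security levels required for each scenario" into a repeatable gap analysis rather than a one-time judgement. The following is an added example, not code from the original page: it assumes hypothetical group names ("executive", "project-site", "legal"), a constructed three-step protection scale, and constructed sample flows, and it reports for each flow which scenario requirements it fails.

```python
"""Turn the three example scenarios into checkable requirements (added example)."""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Channel protection strength, weakest to strongest. The scale is constructed
# for this example; a real plan would name concrete mechanisms per level.
STRENGTH = {"cleartext": 0, "encrypted": 1, "strong-encrypted": 2}


@dataclass(frozen=True)
class Flow:
    """One planned communication: who sends what to whom, over which channel."""
    sender: str            # group of the sending entity, e.g. "executive", "legal"
    receiver: str          # group of the receiving entity
    classification: str    # "internal" or "highly-classified" (constructed labels)
    protection: str        # key of STRENGTH describing the channel actually used
    approved: bool = True  # receiver is on the approved reader list for this content


@dataclass(frozen=True)
class Requirement:
    """A scenario translated into a rule that can be evaluated against a Flow."""
    name: str
    applies: Callable[[Flow], bool]       # which flows this scenario covers
    min_protection: Optional[str] = None  # required channel strength, if any
    require_approved: bool = False        # only approved readers may receive
    forbid: bool = False                  # the flow is not allowed at all


def is_legal_boundary(f: Flow) -> bool:
    """True when exactly one end of the flow is in the legal department."""
    return (f.sender == "legal") != (f.receiver == "legal")


# The three scenarios from the text, written as requirements (hypothetical
# group names: "executive", "project-site", "legal").
REQUIREMENTS: List[Requirement] = [
    # Scenario 1: executive e-mail is readable only by approved staff and must
    # use the strongest available protection.
    Requirement("exec-mail", lambda f: f.sender == "executive",
                min_protection="strong-encrypted", require_approved=True),
    # Scenario 2: project site content goes only to approved team members ...
    Requirement("project-site-access", lambda f: f.sender == "project-site",
                require_approved=True),
    # ... and highly classified content needs strong protection in transit.
    Requirement("project-site-classified",
                lambda f: f.sender == "project-site"
                and f.classification == "highly-classified",
                min_protection="strong-encrypted"),
    # Scenario 3: traffic inside legal is strongly protected; traffic that
    # crosses the department boundary is not allowed.
    Requirement("legal-internal",
                lambda f: f.sender == "legal" and f.receiver == "legal",
                min_protection="strong-encrypted"),
    Requirement("legal-boundary", is_legal_boundary, forbid=True),
]


def check(flow: Flow, reqs: List[Requirement] = REQUIREMENTS) -> List[str]:
    """Return the requirement gaps for one flow; an empty list means compliant."""
    gaps: List[str] = []
    for r in reqs:
        if not r.applies(flow):
            continue
        if r.forbid:
            gaps.append(f"{r.name}: {flow.sender}->{flow.receiver} is not allowed")
            continue
        if r.require_approved and not flow.approved:
            gaps.append(f"{r.name}: receiver is not an approved reader")
        if r.min_protection and STRENGTH[flow.protection] < STRENGTH[r.min_protection]:
            gaps.append(f"{r.name}: requires {r.min_protection}, channel is {flow.protection}")
    return gaps


def audit(flows: List[Flow]) -> List[List[str]]:
    """Check every planned flow; the i-th entry holds the gaps of flows[i]."""
    return [check(f) for f in flows]


if __name__ == "__main__":
    # Constructed sample flows: one compliant per scenario plus violations.
    sample = [
        Flow("executive", "executive", "internal", "strong-encrypted"),
        Flow("executive", "executive", "internal", "cleartext"),
        Flow("project-site", "contractor", "highly-classified", "encrypted", approved=False),
        Flow("legal", "finance", "internal", "strong-encrypted"),
    ]
    for f, gaps in zip(sample, audit(sample)):
        print(f"{f.sender}->{f.receiver}: {'OK' if not gaps else gaps}")
```

The point of separating `Flow` (what is planned or observed) from `Requirement` (what a scenario demands) is that the same rule set can be rerun whenever the scenarios, the group membership or the available protection mechanisms change, and every reported gap names the scenario it comes from, which is what you need when weighing the measure that closes it against its cost.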