Relevant information security characteristics (Based on needs for information security assessment)

There is a need to be able to comprehend the status of the information security. To transform this general need into more specific needs require careful analysis. Moreover, when needs have been detected security metrics schemes have to be designed to satisfy these needs. A central issue is to define what information security include. To decide the information security characteristics corresponding to the identified security assessment needs is a possible approach to define information security in the current context. In this report, a structure of information security assessment needs is presented. The structure is built through an analysis of statements extracted from interviews with personnel and documentation from an agency. Based on the structure of needs, a structure of relevant information security characteristics is formed. These information security characteristics can be used as a basis for the design of an information security metrics scheme.