ABSTRACT

After reading this chapter, students are expected to achieve an understanding of:

- What a security policy is
- What standards are
- What guidelines are
- How a role-based security policy methodology works
- What role-based policy requirements are
- How the corporate vital defense strategy (CVDS) works
- What CVDS requirements are
- How Raggad’s IS security taxonomy works
- How a security information system works
- How a security policy is designed based on CVDS
- How the security policy flow diagrams (pfd) methodology works
- How a security policy is designed based on computing environment partition
- How a security policy is designed based on computing boundaries
- How Benson’s security policy methodology works

5.1 Introduction

This chapter starts with a presentation of Raggad’s information security taxonomy, which is the basis of the policy flow diagrams (pfd) methodology of developing security policy [5]. This taxonomy was published in 2000 at the 23rd National Information Systems Conference under the title “Corporate Vital Defense Strategy.” Even though it differs from most of the literature we present in this book, it provides a way of managing information security that may be effective for organizations that adopt a problem-based approach. Instead of adopting the information security life cycle, as we have consistently done throughout this book, the corporate vital defense strategy discusses information security solutions in terms of attacks, their models, and their consequences.