ABSTRACT

Ascribing the appropriate countermeasures to protect information flows should proceed from a logical framework that considers several important elements. Using a framework enables consistent application of the elements and repeatability of organizational processes. Fig. 1 proposes one framework useful for selecting the appropriate controls for information flows. The essential elements, displayed concentrically in the figure from the center out, include data, subjects, information flows, security services, and countermeasures. Each element can also be described as a series of questions that allows a logical progression from data to protection. In this regard, it can be asked, with respect to:

Data: What must be protected? Critical and sensitive information within any of the system states that requires protection should be explicitly identified.