ABSTRACT
The logical security architecture develops more detail to flesh out the bones of the conceptual framework that we developed at the second layer of the security architecture model. The logical layer is largely concerned with the functional view of security, defining a comprehensive set of functional requirements. The quality of information depends only on the content of the underlying data but also on the structure used to present the information and the analytical tools applied. Security policy is positioned at the logical layer of the security architecture model and is derived directly from drivers in the conceptual layer. The Business Attributes profile and the control objectives are strong drivers of security policy. A security policy defines what is meant by security within a security domain, the high-level rules for achieving this security and the activities that are to be authorized to achieve security objectives.
