Monahan, Brian ; Gittler, Frederic ; Horne, William ; Shiu, Simon ; Baldwin, Adrian ; Dalton, Chris I. ; Goldsack, Patrick ; Taylor, Richard ; Tofts, Chris ; Yearworth, Mike
DBSy (Domain Based Security) is a set of notations and techniques developed by QinetiQ specifically for the UK MoD, a large distributed organisation. DBSy provides a way of describing and assessing business-driven information security requirements for network architectures. It focuses upon how the business requires information to be compartmentalised and how that might be achieved by strategic location of network-level security controls. In this paper we consider how DBSy-style modelling may be applied in a more commercial context of ICT (Information Communications Technology) services, defined and managed according to SLAs (Service Level Agreements). Although DBSy was not specifically designed to handle this situation, we discuss how ideas from DBSy can contribute to a broader security requirements and risk analysis approach that encompasses the realm of ICT services and their management. We give a model of a commercial example in the style of DBSy and use that to illustrate our observations.

28 Pages