A novel model for security evaluation for compliance

Abstract

With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well as a comparison with existing methods.