Abstract

The aim of this study is to define the security requirements (SR) of an Information Technology (IT) product that is deployed on a cloud platform as Software as a Service (SaaS) for the Malaysian government. This is critical in order to secure the product against information security threats such as malware attacks, account hijacking and data leakage while remaining in line with government policy. It is important to address the SR early, before product acquisition, to avoid security incidents that would affect the government IT ecosystem. Hence, to help government officers from IT and procurement departments prepare security specifications for an acquisition or procurement exercise, we introduce the OTPAF model, a novel approach for defining SR by connecting the security components, namely security objective (O), threat (T), policy (P), assumption (A) and functionality (F), to derive a relational statement. First, we acquire the government's information security objectives and policies. Then the top cloud threats and controls are referenced and mapped together. Following that, we elicit the security functionality using the Common Criteria (CC) approach and combine the components to form the SR. The results present how the conceptual OTPAF model and the values of the security components derive a relational statement that becomes the SR.
