What’s Wrong With This Picture?

• Policy -- “an informal, generally natural language description of desired system behavior.”

• Requirement -- “A statement of the system behavior needed to enforce a given policy. Requirements are used to derive the technical specification of a system.”

• Specification -- “A technical description of the desired behavior of a system, as derived from its requirements. A specification is used to develop and test the implementation of a system.”

Source: Longley, Shain & Caelli, Information Security. Stockton Press, New York, 1992.

Previous slide

Next slide

Back to first slide

View graphic version