Identification of IT security-relevant system characteristics

Information systems are continually integrated into increasingly wide-ranging distributed information systems. These systems are becoming difficult to comprehend and the design, implementation, operation, and maintenance are far from straightforward. To facilitate improved analysis and design methods for these systems, the security-level of systems need to be assessed with a greater precision than currently possible. For this purpose, a set of IT security-relevant system characteristics is required. Furthermore, identification of security-relevant characteristics is needed to support the formulation of adequate modeling techniques and the security requirements engineering processes. We describe an effort to find such a set of characteristics. The resulting set of characteristics contributes to all three tasks discussed above. To build the set of characteristics, four tasks (a literature study, a structured analysis, a brainstorm session, and a crosscheck) have been performed. The results include an initial set of security-relevant characteristics for distributed information systems and a structuring of the identified characteristics.