
Evaluation of the RMIAS

4.2 Analytical Evaluation and Analysis of the Interviews

4.2.2 Accuracy of the RMIAS

In Section 4.5, where the RMIAS is compared with its predecessors, it is demonstrated that the RMIAS is more accurate than the other analysed models, since it includes a more detailed taxonomy of information and classification of security countermeasures, and embraces a broader set of security goals. The RMIAS also contributes to accuracy by underscoring the distinction between security goals and security countermeasures, and by outlining the interrelationships between the concepts of IAS.

In the interviews, two questions were intended to capture the opinion of the respondents with regard to the accuracy of the RMIAS:

• Question 6 - Are the classifications included in the model accurate (the information taxonomy, the set of security goals and the types of security countermeasures)?

• Question 7 - Are the interrelationships between the elements of the model accurately described?

Answering question 6, eighteen out of twenty-six respondents agreed that the information taxonomy, the set of security goals and the classification of security countermeasures are accurate.

Three respondents (respondents 4, 5 and 19) were not confident and preferred not to answer this question. Four respondents found the other dimensions accurate, but did not feel that the information taxonomy is accurate and suggested extending it:

Respondent 1: "The classifications encompass everything. All security goals are covered. The only thing that I would suggest is, in addition to sensitivity in the information taxonomy, take into account the purpose of use."

Respondent 2: "The list of security goals is comprehensive. I have a concern about the forms of information. There may be some additional leafs in this branch."

Respondent 25: "Yes, but I am not so happy with the taxonomy part though. This part is, in my opinion, relatively weak."

Respondent 26: "Seem adequate, but I wonder whether responsibility should also be included in the information taxonomy area."

One respondent, although agreeing with the accuracy of the other classifications, expressed a concern about the set of security goals:

Respondent 23: "...the nuance differences between some of the security goals and the standard trio of confidentiality, availability and integrity are sometimes hard to see, e.g. trustworthiness and integrity."

The active discussions regarding security goals, which took place at every presentation and workshop, highlight the importance of security goals in the IAS domain. Drawing on the number of questions regarding security goals, the author expected to receive more critical feedback with regard to the IAS-octave. Despite these expectations, the analysis of the responses shows that only one respondent expressed concern about the overlap of goals (as quoted above).

The interrelationships between the dimensions in the RMIAS were perceived as accurate by fourteen respondents (question 7). Three respondents (respondents 4, 13 and 19) were not sure about their answers. Nine respondents perceived the interrelationships as inaccurate and provided the following comments:

Respondent 2: "The link between the first and the second dimensions is not clear."

Respondent 5: "No, it requires a supporting narrative. Looks like four models which can be linked."

Respondent 8: "The top left quadrant’s relationships with the adjacent quadrants were not overly clear to me."

Respondent 16: "Not quite."

Respondent 17: "Accurate, but incomplete as the relationships between the components of the different domains of the model are not visualised in detail."

Respondent 20: "No. This is where I think the problem is. A lot of it may be related to how we view the organisation and how we place the IAS in it."

Respondent 21: "No, as mentioned above I don’t think the interrelationship between the taxonomy and security goals quarters is accurate. I also think that in practice some analysis of the risks would be needed as well as the considerations about cost-effectiveness. Even with the prioritised security goals you will still have a very large list of risks and will need to identify which ones to tackle first."

Respondent 22: "We debated the issue of whether you can classify a document before knowing your security goals, plus the risk assessment aspect continues when selecting security mechanisms (not just cost-effectiveness), rather than at the security goals stage only."

Respondent 24: "I consider that the top arrow should read "The beginning of the information system life cycle" or at least "From an early stage ..." to emphasise the importance of IAS being an integral part of the information system life cycle. The Cost-Effectiveness sub-label of the Select Security Countermeasures arrow might be misinterpreted as cost-benefit. Perhaps the phrase "cost-effectiveness analysis" would be more specific."

Among those who did not see the interrelationships as accurately described, three respondents (respondents 2, 8 and 24) had doubts about, or suggested a clarification of, the top arrow linking the security development life cycle and information taxonomy dimensions. Three respondents (respondents 21, 22 and 24) suggested clarifying the arrows linking the security goals and security countermeasures dimensions, where the roles of risk analysis and cost-effectiveness analysis should be pointed out. Two respondents (respondents 21 and 22) highlighted the inaccuracy of the link between the information taxonomy and security goals dimensions.

The additional elements suggested by the respondents, such as responsibility and the purpose of use, may be added to the Information Taxonomy of the RMIAS in the future. Regarding the comment provided by Respondent 2, the analysis of the literature does not indicate that there is currently any form of information other than paper, verbal and electronic. However, this does not mean that another form may not appear in the future. For example, until the first technical devices for storing and transmitting information were created, there was no information in electronic form. Future advances in technology may give rise to additional forms of information; in that case the RMIAS must be extended.

To address the comment of Respondent 23 regarding the differences between some of the security goals, the justification of the inclusion of each particular security goal in the IAS-octave and the discussion of each goal are placed in Section 3.6 and Appendix A.6.