The aim of this guide (2010) by the CPNI (Centre for the Protection of National Infrastructure) is to ensure that appropriate security measures are recommended to manage the risk to a level acceptable to all stakeholders. It introduces the concept of a structured methodology for determining the security requirements. Before conducting an Operational Requirement you should identify the threat to your organisation or site. The procedure has been broken down into two parts: The Level 1 Operational Requirement provides a statement of the overall security need and includes the site to be considered, asset description, perceived threat, consequence of compromise, perceived vulnerabilities, and success criteria. The Level 2 addresses individual security measures in a similar fashion to the Level 1 procedure, but which together provide the basis for a fully integrated security solution. Checklists and flowcharts are given for a wide range requirements.
Guide to Producing Operational Requirements for Security Measures
0626-CPNI-2010-Guide-to-Producing-Operational-Requirements-for-Security-Measures.pdf (PDF, 284 KB)
- 1 February 2010