Reference Model of Information Assurance and Security

From EverybodyWiki Bios & Wiki

A Reference Model of Information Assurance and Security (RMIAS)

The Reference Model of Information Assurance and Security (RMIAS)[1] is a comprehensive overview of the Information Assurance and Security domain. The RMIAS promotes a comprehensive approach to Information Assurance and Security. It is independent of technology and may be applied by an organisation of any size in any domain.

The RMIAS has been developed on the basis of the extensive analysis of the Information Security (InfoSec) and Information Assurance (IA) literature, and a systematic analysis of the existing models of InfoSec and IA. The RMIAS is a synthesis of the existing knowledge of the IAS domain. Some of the models of InfoSec and IA that lay in the foundation of the RMIAS are the CIA triad, McCumber's Cube and Maconachy et al. Model of IA.

The RMIAS has implications for education, research and practice. The RMIAS may be used for the development of Information Security Policy Document, its structuring and omissions identification.[1] The RMIAS may be used for structuring InfoSec thinking in an organisation. It provides a framework for cataloguing the existing research in the domain. The RMIAS enables newcomers to the IAS domain to get faster appreciation of the complexity and diverse nature of the domain.

The RMIAS encompasses four dimensions: Security Development Life Cycle; Information Taxonomy, Security Goals and Security Countermeasures Dimensions.[1] The interconnections between the dimensions are illustrated with arrows.

The RMIAS embraces as one of its dimensions the IAS-octave - a set of eight security goals including Confidentiality, Integrity, Availability, Accountability, Non-repudiation, Auditability, Authenticity & Trustworthiness and Privacy. The IAS-octave replaces the CIA-triad as a comprehensive set of security goals.[2] The IAS-octave was developed based on the extensive analysis of IAS and system engineering literature, and evaluated via interviews with IAS experts.

The RMIAS was adopted as basis for a security extension for BPMN.[3][4] The aspect of security related to cloud computing were identified using the RMIAS.[5]

The RMIAS is published under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


  1. 1.0 1.1 1.2 Cherdantseva, Y.; Hilton, J., "A Reference Model of Information Assurance & Security," Availability, Reliability and Security (ARES), 2013 Eighth International Conference on , pp.546-555, 2-6 Sept. 2013 doi: 10.1109/ARES.2013.72
  2. Salnitri, M., Dalpiaz F., and Giorgini P.. "Modeling and verifying security policies in business processes." Enterprise, Business-Process and Information Systems Modeling. Springer Berlin Heidelberg, 2014. 200-214.
  3. Salnitri, Mattia, and Paolo Giorgini. "Modeling and Verification of ATM Security Policies with SecBPMN."
  4. Salnitri, Mattia, and Paolo Giorgini. "Transforming Socio-Technical Security Requirements in SecBPMN Security Policies."
  5. Zalazar et al.. "Aspectos Contractuales de Cloud Computing." CIIDDI 2014

This article "Reference Model of Information Assurance and Security" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.