Security excellence from a total quality management approach

This paper focuses on the synergy of business and security requirements to create a holistic methodology or approach. The integration revolves around the concept of total quality management to measure the security posture and is based on the premise that security requirements must be aligned and fused with the business' objectives. The postulated security methodology has extended the total quality management and business excellence philosophies to create a new security excellence approach. The American National Institute of Standards and Technology's metrics are used as benchmarks to determine the security areas that should be addressed while the European Framework for Quality Management is used to reflect the integration with the National Institute of Standards and Technology's metrics and to represent the domains in a business excellence approach. The fusion is then extended to the Control Objectives for Information and Related Technology and, finally, to the international Standard ISO/IEC 17799 (Information technology - security techniques - Code of practice for information security management) to depict the merger between security and business domains along a TQM approach and to be transferable to any standard or regulation by being able to incorporate acceptable security requirements into the underlying framework.