Abstract: Information security is a major domain of analysis for enhancing the security of sensitive detained business organizations. These days, attackers are advancing themselves by applying highly advanced technological solutions such as artificially intelligent malicious codes, advanced phishing methods and many others to acquire sensitive and critical data from businesses. This paper presents a novel model framework to analyze the requirements of information security for a more robust information system and its assets in organizations. The framework of this model is designed in such a fashion that both new and legacy organizations can adopt it to define the requirement of security that will ensure confidentiality, integrity and availability of information systems and their components - including sensitive domain business and private data that is critical to the organization. There are two different model frameworks which are proposed here. The first one provides specifications of the security requirements and the second provides for the audit of the access logs to capture any unethical practices and violations by internal users. The proposed model for security requirements provides the roadmap to analyze and build proper security requirements to secure business sensitive data. Stepwise processes which are needed to analyze and define security requirements are the key factors of this security model, as they help in clear definitions of security frameworks and infrastructure for an organization. The Audit Model provides the framework for defining information auditing requirements, thus enabling the capture of unethical and unauthorized access to the information system components of the organization.
Keywords: Information security; network security; web security; confidentiality; integrity; availability; communication technology; information system; internet security; security framework introduction