In this paper we present an approach for specifying respect to security. When an organization wants to secure and prioritizing information security requirements in organiza- its systems, it must first determine what requirements to tions. We propose to explicitly link security requirements with the meet. Given that organizations normally have limited resources organization's business vision, i.e. to provide business rationale t. Giventhatoraitis norally im itederercefor security requirements. The rationale is then used as a basis to rotect their assets t S equally important to determine for comparing the importance of different security requirements. which requirements are more important and thus should be Furthermore we discuss how to integrate the aforementioned prioritized. To achieve this, we propose to use a conceptual solution concepts into a service level management process for framework where security requirements are linked to the security services, which is an important ...