Abstract: A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including providing an organizational computerized system development policy; classifying said assets in said system under development, thereby to generate asset classification information; and automated creation of at least one security requirement based on said asset classification information and said organization policy.

Abstract: A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including providing an organizational computerized system development policy; classifying said assets in said system under development, thereby to generate asset classification information; and automated creation of at least one security requirement based on said asset classification information and said organization policy.

Abstract: A method and software system for Security and CIP Professionals (CIP) that addresses the shortcomings in today's Critical Infrastructure Protection (CIP) methods, and offers a new security assessment methodology equipped to meet the present challenges of CIP, as well as future challenges. The method is based on an End-to-End Security Assessment (EESA) that provides a wide examination of system information flows. The method disclosed is for implementing end-to-end security assessment (EESA) for use by Security and CIP professionals for large, complex, critical infrastructure (LCCI) systems. The first step of the method is determining security policy and sensitivity levels of data.