The SRM provides a framework for classifying security risks and vulnerability. The SRM is the only reference model linked to all other reference models.

According to surveys conducted by Iranian agencies, security is designed and implemented using a reactive approach. Therefore, there will be a number of complex technical solutions developed based on personal experience. In addition, the agencies do not consider huge cost of applying security strategies. To resolve the mentioned problems, the national SRM is proposed to help agencies in defining a security architecture.

Four main areas of the national SRM are:

  • Data
  • Software
  • Infrastructure
  • People

Supportive layers are:

  • Requirements
  • Principles, strategies, and policies
  • Security analysis

  • Risk management