To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for com- puter and network security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. This is difficult enough in a centralised data processing environment; with the use of local and wide area networks, the problems are compounded.