A Study of Security Policy Making Adaptable to Users' Environments Based on International Standards

The security information can be understood like the capability of the information system to resist all the accidents or deliberate actions, with Evaluation Assurance Levels (EAL)[1] as defined in international standards ISO/IEC 15408. These put in danger of the availability, integrity, and confidentiality of stored or transmitted data and the corresponding services that these networks and systems offer or make accessible. In this paper, we propose a security policy making flexibly adaptable to users’ environments to defend them against the information system environment threats. This proposed model allows a user to select the appropriate policy agile and effectively according to the user’s environment. This threats-policy relationship is based on ISO/IEC TR 15446. At the same time, this model allows the user to select the appropriate systems or products evaluated by Common Criteria (CC) or ISO/IEC 15408.