Advanced Security Assurance Case Based on ISO/IEC 15408

Authors

  • Oleksandr Potii
  • Oleg Illiashenko
  • Dmitry Komin
Abstract

Assessment and assurance of conformity with regulation documents involve significant cost in modern economies. Demonstrating compliance with security standards involves providing evidence that the standards’ security criteria are met in full, substantiating the appropriate decision. Nevertheless, despite its importance, this type of activity has not been addressed adequately by the available solutions, and the tool support given to conformity assessment and assurance processes is rather poor. International standards do not contain any formal technique for security evaluation, which makes performing the evaluation process complicated and one-sided. This article proposes an approach to security assurance evaluation, the Advanced Security Assurance Case (ASAC), based on a refined definition of the existing assurance case structure.

Similar resources

A Study of Security Policy Making Adaptable to Users' Environments Based on International Standards

The security information can be understood like the capability of the information system to resist all the accidents or deliberate actions, with Evaluation Assurance Levels (EAL)[1] as defined in international standards ISO/IEC 15408. These put in danger of the availability, integrity, and confidentiality of stored or transmitted data and the corresponding services that these networks and syste...

Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408: 1999 and ISO 17799: 2000

It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for...

Intelligent Sensors Security

The paper is focused on the security issues of sensors provided with processors and software and used for high-risk applications. Common IT related threats may cause serious consequences for sensor system users. To improve their robustness, sensor systems should be developed in a restricted way that would provide them with assurance. One assurance creation methodology is Common Criteria (ISO/IE...

The NIST Process Control Security Requirements Forum (PCSRF) and the Future of Industrial Control System Security

This paper will provide an overview of the Process Control Security Requirements Forum (PCSRF) and the System Protection Profile for Industrial Control Systems (SPP-ICS) document. The SPP-ICS presents a cohesive, cross-industry, baseline set of security requirements for new industrial process control systems. It is based on the ISO/IEC 15408 Common Criteria, a widely used standard for defining t...

Selecting Web Services with Security Compliances: A Managerial Perspective

This paper proposes a framework of a decision support system (DSS) for the assessment process of selecting Web services with security compliances consistent with the enterprise business goal. The proposed DSS framework is a systematic assessment model which could aid IS managers in making decision on which Web services would most likely meet the security requirements of their information system...

Publication date: 2015