Ontological Mapping of Common Criteria's Security Assurance Requirements
نویسندگان
چکیده
The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation of the CC catalog, to support the evaluator at the certification process. Tasks such as the planning of an evaluation process, the review of relevant documents or the creating of reports are supported by the CC Ontology tool. With the development of this tool we reduce the time and costs needed to complete a certification.
منابع مشابه
A Common Criteria-Based Team Project for High Assurance Secure Systems
Most courses in information security do not provide students with practical experience in high assurance development. To complement a course in secure systems that focuses on foundational principles of constructive security, a laboratory project that requires students to work in teams while meeting Common Criteria Evaluation Assurance Level (EAL) 6 assurance requirements has been created. The o...
متن کاملMerging Safety and Assurance: The Process of Dual Certification for Software
This paper describes a process of dual certification for software that meets both FAA safety requirements and NIST/NSA security requirements. The commercial avionics industry depends on RTCA DO-178B, for software assurance while security products are evaluated according to the Common Criteria. The two sets of requirements from DO-178B and the Common Criteria are assessed for similarity of funct...
متن کاملThe Revolutions of 2011-2012 in the Arabic Countries and Ontological Security of Israel
This paper seeks to examine the effect of the revolutions of 2011-2012 in the Arabic countries of the Middle East and North Africa (MENA) on Israeli regime's ontological security and its strategy of closure and deviation in the regional level. In other word, the paper tries to find the challenges the ontological security and identity of Israel is facing with after the occurrence of the awakenin...
متن کاملBuilding Decision Support Problem Domain Ontology from Natural Language Requirements for Software Assurance
The process of engineering software-intensive systems that comply with their Certification and Accreditation (C&A) requirements involves many critical decision-making activities for the related stakeholders. Considering the exhaustive nature of C&A activities together with the complexity of software-intensive systems, effective decision making relies heavily on the ways to understand and struct...
متن کاملA Framework for Evaluation of Information Systems Security
Evaluating information systems security is a process which involves identifying, gathering, and analysing security functionality and assurance level against criteria. This can result in a measure of trust that indicates how well the system meets a particular security target. It is desirable that the trust one can have on system is measurable and quantifiable through out the systems life cycle. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007