The security information can be understood like the capability of the information system to resist all the accidents or deliberate actions, with Evaluation Assurance Levels (EAL)[1] as defined in international standards ISO/IEC 15408. These put in danger of the availability, integrity, and confidentiality of stored or transmitted data and the corresponding services that these networks and syste...

The emerging ISO/IEC 29110 standard Lifecycle profiles for Very Small Entities has at its core a Management and Engineering Guides which is targeted at very small entity (enterprise, organization, department or project) having up to 25 people, to assist them unlock the potential benefits of using standards which are specifically designed to address there needs. The developers of the standard, I...

Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and was included in the list of cryptographic techniques for Japanese e-Government systems that was selected by the Japan CRYPTREC (Cryptography Research, Evaluation Committees) [CRYPTREC]. Camellia has been submitted to several other s...

Web Services (WS) are an alternative to the lack of interoperability of applications, to facilitate integration via Service Oriented Architecture (SOA). The main goal of this paper is to establish a correspondence between three WS-related standards, WSA (Web Services Architecture) representing industrial and marketing requirements, ISO/IEC 9126-1 quality model to specify standard quality requir...

The ISO/IEC 29110 standard: Lifecycle profiles for Very Small Entities, provides several Process Reference Models applicable to the vast majority of very small entities (defined by the ISO as “an entity (enterprise, organization, department or project) having up to 25 people”) which do not develop critical software and share typical situational factors. An ISO/IEC 29110 pilot project has been e...

Since 2005, the international organization for standardization (ISO) has published a wealth of standards and reports that deal with requirements engineering for systems. ISO/IEC/IEEE 24765 defines a standard vocabulary for systems and software engineering. ISO/IEC 24766 defines requirements for requirements engineering tools. ISO/IEC/IEEE 29148 describes processes for requirements engineering. ...

Two complementary standards are compared, both of which are concerned with the production of quality software. One, IEC 61508, is concerned with the safety of software intensive systems and the other, ISO/IEC TR 15504, takes a process view of software capability assessment. The standards are independent, though both standards build on ISO/IEC 12207. The paper proposes a correspondence between t...

Although a classic staged maturity framework with 5 levels was introduced by W. S. Humphrey back in 1988, its basic ideas remain essentially unchanged and they are still employed in CMMI and other maturity models. ISO/IEC 15504, formerly known as SPICE, has promoted a continuous model for process capability assessment. Not long ago SPICE community recognized the benefits of a staged representat...

[Context] The requirements baseline is an agreed-upon set of desired product features committed to a specific release. It determines intraand interproject planning and involved performance assessment. [Problem] To establish a credible baseline, one which fits into the limits e.g. time box of the project and which satisfies user expectations, a reasonable choice of requirements must be made. Thi...

Nowadays, information systems constitute a crucial part of organizations; by losing security, these organizations will lose plenty of competitive advantages as well. The core point of information security (InfoSecu) is risk management. There are a great deal of research works and standards in security risk management (ISRM) including NIST 80030 and ISO/IEC 27005. However, only few works of rese...