Skip to main content
SpringerLink
Log in

Development System Security Process of ISO/IEC TR 15504 and Security Considerations for Software Process Improvement

  • Conference paper
Book cover Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3481))

Included in the following conference series:

Abstract

This research is intended to develop the system security process. The IT products like as firewall, IDS (Intrusion Detection System) and VPN (Virtual Private Network) are made to perform special functions related to security, so the developers of these products or systems should consider many kinds of things related to security not only design itself but also development environment to protect integrity of products. When we are making these kinds of software products, ISO/IEC TR 15504 may provide a framework for the assessment of software processes, and this framework can be used by organizations involved in planning, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of software. But, in the ISO/IEC TR 15504, considerations for security are relatively poor to other security-related criteria such as ISO/IEC 21827 or ISO/IEC 15408 [10-12]. In this paper we propose some measures related to development process security by analyzing the ISO/IEC 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM) and ISO/IEC 15408, Common Criteria (CC). And we present a Process of Security for ISO/IEC TR 15504. This enable estimation of development system security process by case study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ISO. ISO/IEC TR 15504-1: 1998 Information technology – Software process assessment – Part 1: Concepts and introductory guide

    Google Scholar 

  2. ISO. ISO/IEC TR 15504-2: 1998 Information technology – Software process assessment – Part 2: A reference model for processes and process capability

    Google Scholar 

  3. ISO. ISO/IEC TR 15504-3: 1998 Information technology – Software process assessment – Part 3: Performing an assessment

    Google Scholar 

  4. ISO. ISO/IEC TR 15504-4: 1998 Information technology – Software process assessment –Part 4: Guide to performing assessments

    Google Scholar 

  5. ISO. ISO/IEC TR 15504-5:1998 Information technology – Software process assessment –Part 5: An assessment model and indicator guidance

    Google Scholar 

  6. ISO. ISO/IEC TR 15504-6: 1998 Information technology – Software process assessment – Part 6: Guide to competency of assessors

    Google Scholar 

  7. ISO. ISO/IEC TR 15504-7: 1998 Information technology – Software process assessment –Part 7: Guide for use in process improvement

    Google Scholar 

  8. ISO. ISO/IEC TR 15504-8: 1998 Information technology – Software process assessment –Part 8: Guide for use in determining supplier process capability

    Google Scholar 

  9. ISO. ISO/IEC TR 15504-9: 1998 Information technology – Software process assessment – Part 9: Vocabulary

    Google Scholar 

  10. ISO. ISO/IEC 15408-1: 1999 Information technology - Security techniques – Evaluation criteria for IT security - Part 1: Introduction and general model

    Google Scholar 

  11. ISO. ISO/IEC 15408-2: 1999 Information technology - Security techniques – Evaluation criteria for IT security - Part 2: Security functional requirements

    Google Scholar 

  12. ISO. ISO/IEC 15408-3: 1999 Information technology - Security techniques – Evaluation criteria for IT security - Part 3: Security assurance requirements

    Google Scholar 

  13. Kim, T.-H., No, B.-G., Lee, D.-c.: Threat Description for the PP by Using the Concept of the Assets Protected by TOE. In: Sloot, P.M.A., Abramson, D., Bogdanov, A.V., Gorbachev, Y.E., Dongarra, J., Zomaya, A.Y. (eds.) ICCS 2003. LNCS, vol. 2660, pp. 605–613. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Lee, E.-s., Lee, K.W., Lee, K.: KeunLee Design Defect Trigger for Software Process Improvement. Springer, Heidelberg (2004)

    Google Scholar 

  15. Lee, H.-y., Jung Dr., H.-W., Chung, C.-S., Lee, K.W., Jeong, H.J.: Analysis of Interrater Agreement In ISO/IEC 15504-based Software Process Assessment1. In: the second Asia Pacific Conference on Quality Software (APAQS2001), Hong Kong, December 10-11 (2001)

    Google Scholar 

  16. Lee, E.-s., Lee, K.W., Kim, T.-h., Jung, I.-H.: Introduction and evaluation of development system security process of ISO/IEC TR 15504. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 451–460. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  17. Lee, E.-s., Kim, T.-h.: Development site security process of ISO/IEC TR 15504. In: Negoita, M.G., Howlett, R.J., Jain, L.C. (eds.) KES 2004. LNCS (LNAI), vol. 3215, pp. 60–66. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TQMS, 370 Dangsan-dong 3ga, Youngdeungpo-gu, Seoul, Korea

    Eun-ser Lee

  2. School of Electronics & Information Engineering, Chonbuk National University, 664-14, DeokJin-dong, JeonJu, ChonBuk, Korea

    Malrey Lee

Authors
  1. Eun-ser Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Malrey Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy

    Osvaldo Gervasi

  2. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA

    Vipin Kumar

  4. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, P.O. Box, I-06123, Perugia, Italy

    Antonio Laganà

  5. Institute of High Performance Computing, IHCP, 1 Science Park Road, 01-01 The Capricorn, Singapore Science Park II, 117528, Singapore

    Heow Pueh Lee

  6. School of Computing, Soongsil University, Seoul, Korea

    Youngsong Mun

  7. Clayton School of IT, Monash University, 3800, Clayton, Australia

    David Taniar

  8. OptimaNumerics Ltd, P.O. Box, Belfast, United Kingdom

    Chih Jeng Kenneth Tan

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, Es., Lee, M. (2005). Development System Security Process of ISO/IEC TR 15504 and Security Considerations for Software Process Improvement. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_38

Download citation

  • DOI: https://doi.org/10.1007/11424826_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25861-2

  • Online ISBN: 978-3-540-32044-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation