Abstract
This research is intended to develop the system security process. IT products such as firewalls, IDS (Intrusion Detection System) and VPN (Virtual Private Network) are made to perform special functions related to security, so the developers of these products or systems should consider many security-related factors, covering not only the design itself but also the development environment, in order to protect the integrity of the products. When developing these kinds of software products, ISO/IEC TR 15504 may provide a framework for the assessment of software processes, and this framework can be used by organizations involved in planning, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of software. However, the security considerations in ISO/IEC TR 15504 are relatively weak compared with other security-related criteria such as ISO/IEC 21827 or ISO/IEC 15408 [10-12]. In this paper we propose some measures related to development process security by analyzing ISO/IEC 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM), and ISO/IEC 15408, the Common Criteria (CC). We also present a Process of Security for ISO/IEC TR 15504. This enables estimation of the development system security process by case study.
References
ISO. ISO/IEC TR 15504-1: 1998 Information technology – Software process assessment – Part 1: Concepts and introductory guide
ISO. ISO/IEC TR 15504-2: 1998 Information technology – Software process assessment – Part 2: A reference model for processes and process capability
ISO. ISO/IEC TR 15504-3: 1998 Information technology – Software process assessment – Part 3: Performing an assessment
ISO. ISO/IEC TR 15504-4: 1998 Information technology – Software process assessment – Part 4: Guide to performing assessments
ISO. ISO/IEC TR 15504-5: 1998 Information technology – Software process assessment – Part 5: An assessment model and indicator guidance
ISO. ISO/IEC TR 15504-6: 1998 Information technology – Software process assessment – Part 6: Guide to competency of assessors
ISO. ISO/IEC TR 15504-7: 1998 Information technology – Software process assessment – Part 7: Guide for use in process improvement
ISO. ISO/IEC TR 15504-8: 1998 Information technology – Software process assessment – Part 8: Guide for use in determining supplier process capability
ISO. ISO/IEC TR 15504-9: 1998 Information technology – Software process assessment – Part 9: Vocabulary
ISO. ISO/IEC 15408-1: 1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model
ISO. ISO/IEC 15408-2: 1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements
ISO. ISO/IEC 15408-3: 1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance requirements
Kim, T.-H., No, B.-G., Lee, D.-c.: Threat Description for the PP by Using the Concept of the Assets Protected by TOE. In: Sloot, P.M.A., Abramson, D., Bogdanov, A.V., Gorbachev, Y.E., Dongarra, J., Zomaya, A.Y. (eds.) ICCS 2003. LNCS, vol. 2660, pp. 605–613. Springer, Heidelberg (2003)
Lee, E.-s., Lee, K.W., Lee, K.: Design Defect Trigger for Software Process Improvement. Springer, Heidelberg (2004)
Lee, H.-y., Jung, H.-W., Chung, C.-S., Lee, K.W., Jeong, H.J.: Analysis of Interrater Agreement in ISO/IEC 15504-based Software Process Assessment. In: The Second Asia Pacific Conference on Quality Software (APAQS 2001), Hong Kong, December 10-11 (2001)
Lee, E.-s., Lee, K.W., Kim, T.-h., Jung, I.-H.: Introduction and evaluation of development system security process of ISO/IEC TR 15504. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 451–460. Springer, Heidelberg (2004)
Lee, E.-s., Kim, T.-h.: Development site security process of ISO/IEC TR 15504. In: Negoita, M.G., Howlett, R.J., Jain, L.C. (eds.) KES 2004. LNCS (LNAI), vol. 3215, pp. 60–66. Springer, Heidelberg (2004)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, Es., Lee, M. (2005). Development System Security Process of ISO/IEC TR 15504 and Security Considerations for Software Process Improvement. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_38
DOI: https://doi.org/10.1007/11424826_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer Science, Computer Science (R0)