An Empirical Study of Quality and Cost Based Security Engineering
Security engineering methodologies are accepted in many organizations to ensure the reliability and confidentiality of information security systems. A security institution in Korea faced problems with the effectiveness of security engineering. To solve these problems, the institution created a security methodology called ISEM and a tool called SENT. This paper presents the ISEM methodology, which considers both product assurance and production processes and offers advantages in terms of quality and cost. The ISEM methodology can complement the current security engineering methodology. To support the ISEM methodology, the SENT tool, which operates over the Internet, automatically supports the production processes and the product assurances that ISEM demands.
Keywords: Target System, Inference Engine, Granularity Level, Security Mechanism, Risk Process