A model of security in open telecooperation
ULPAA '92 Proceedings of the IFIP TC6/WG6.5 international conference on Upper layer protocols, architectures and applications
A framework for dealing with and specifying security requirements in information systems
Information systems security
A common criteria framework for the evaluation of information technology systems security
SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
ODESSA: a new approach to healthcare risk analysis
SEC'97 Proceedings of the IFIP TC11 13 international conference on Information Security (SEC '97) on Information security in research and business
Organizational Modeling for Efficient Specification of Information Security Requirements
ADBIS '99 Proceedings of the Third East European Conference on Advances in Databases and Information Systems
Using Traces of Procedure Calls to Reason About Composability
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
At the first stage of the Common Criteria process for evaluating the security of information systems, organizational objectives for information security are translated into the specification of all relevant security functions of a becoming system. These specifications are then assessed to specify the subset to be implemented, and further evaluated. The second stage involves risk analysis or related technologies, and the evaluation phase is the major contribution of the common criteria. The derivation of security function specifications from security objectives is the area where further research is needed to provide pragmatic tools for supporting the task. This paper describes a mechanism, harmonization of information security requirements, that aids in this process.