Computer Standards & Interfaces
Common Criteria (CC) provides only the standard for evaluating an information security product or system, namely the Target of Evaluation (TOE). SSE-CMM, on the other hand, provides the standard for Security Engineering Process Evaluation. Based on the CC, the TOE's security quality may be assured, but its disadvantage is that the development process is neglected. SSE-CMM seems to assure the quality of a TOE developed in an organization equipped with a security engineering process, but a TOE developed in such an environment cannot avoid CC-based security assurance evaluation.

We propose an effective method of integrating the two evaluation methods, CC and SSE-CMM, and develop a CC-based assurance evaluation model, CC_SSE-CMM. CC_SSE-CMM presents a specific and realistically operable organizational security process maturity assessment and CC evaluation model.