A CC-based Security Engineering Process Evaluation Model

Authors:
Jongsook Lee;Jieun Lee;Seunghee Lee;Byoungju Choi
Affiliations:
-;-;-;-
Venue:
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Year:
2003

Citing 0
Cited 5

A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Towards security requirements management for software product lines: A security domain requirements engineering process

Computer Standards & Interfaces
A systematic review of security requirements engineering

Computer Standards & Interfaces
Appraisal and reporting of security assurance at operational systems level

Journal of Systems and Software
Taxonomy of quality metrics for assessing assurance of security correctness

Software Quality Control

Quantified Score

Hi-index	0.00

Visualization

Abstract

Common Criteria(CC) provides only the standard forevaluating information security product or system, namelyTarget of Evaluation (TOE). On the other hand, SSE-CMMprovides the standard for Security Engineering ProcessEvaluation. Based on the CC, TOE's security quality maybe assured, but its disadvantage is that the developmentprocess is neglected. SSE-CMM seems to assure thequality of TOE developed in an organization equipped withsecurity engineering process, but the TOE developed insuch environment cannot avoid CC-based securityassurance evaluation.We propose an effective method of integrating twoevaluation methods, CC and SSE-CMM, and develop CC-based assurance evaluation model, CC_SSE-CMM.CC_SSE-CMM presents the specific and realisticallyoperable organizational security process maturityassessment and CC evaluation model.