Title :
A CC-based security engineering process evaluation model
Author :
Lee, Jongsook ; Lee, Jieun ; Lee, Seunghee ; Choi, Byoungju
Author_Institution :
Dept. of Comput. Sci. & Eng., Ewha Woman's Univ., Seoul, South Korea
Abstract :
Common Criteria (CC) provides only the standard for evaluating an information security product or system, namely the target of evaluation (TOE). On the other hand, SSE-CMM provides the standard for security engineering process evaluation. Based on the CC, the TOE's security quality may be assured, but its advantage is that the development process is neglected. SSE-CMM seems to assure the quality of a TOE developed in an organization equipped with a security engineering process, but a TOE developed in such an environment cannot avoid CC-based security assurance evaluation. We propose an effective method of integrating the two evaluation methods, CC and SSE-CMM, and develop a CC-based assurance evaluation model, CC_SSE-CMM. CC_SSE-CMM presents a specific and realistically operable organizational security process maturity assessment and CC evaluation model.
Keywords :
security of data; software performance evaluation; software process improvement; CC evaluation model; CC_SSE-CMM; CC-based assurance evaluation model; CC-based security engineering process evaluation; SSE-CMM; TOE; common criteria; information security; organizational security process; process maturity assessment; security assurance evaluation; security engineering process evaluation; target of evaluation; Computer crime; Computer science; IEC standards; ISO standards; Information security; Information systems; Personnel; Protection; Reliability engineering; SPICE;
Conference_Title :
Computer Software and Applications Conference, 2003. COMPSAC 2003. Proceedings. 27th Annual International
Print_ISBN :
0-7695-2020-0
DOI :
10.1109/CMPSAC.2003.1245332