Abstract
An application information system (IS) of a public or private organization should be developed securely and cost-effectively using security engineering and software engineering technologies, together with a security requirement specification (SRS). We present the SRS-Process, a development process for the SRS of an IS, and the SRS-Tool, a development tool for producing an SRS in accordance with the SRS-Process. Our approach is based on the paradigm of the Common Criteria (ISO/IEC 15408), the international evaluation criteria for information security products, and of the Protection Profile (PP), a common security functional requirement specification for a specific type of information security product.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, Ss., Chae, Sy., Lee, Gs. (2005). SRS-Tool: A Security Functional Requirement Specification Development Tool for Application Information System of Organization. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_48
DOI: https://doi.org/10.1007/11424826_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer Science (R0)