Abstract
Physical protection of a laboratory must be built according to many stringent standards, criteria, and guidelines which are often general and difficult to apply in practice. This is a pity, because many organizations may save a lot of time, money and effort if they had a way of selecting the right security measures at the beginning of a process. Introducing a simple evaluation method of safeguards into requirements analysis can dramatically facilitate the designing phase of the lab’s physical security. In the result, more institutions would decide to cope with the problem of fulfilling security requirements by choosing concrete solutions within the assumed budget.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
CCRA – Arrangement on the Recognition of Common Criteria Certificates. In the field of Information Technology Security. http://www.commoncriteriaportal.org/ccra/. Accessed 6 Dec 2018
Common Methodology for Information Technology Security Evaluation – Evaluation Methodology. CCMB-2017-04-004. CCMB-2017-04-004, Version 3.1, Revision 5, April 2017
Common Criteria for Information Technology Security Evaluation. Part 1: Introduction and general model, CCMB-2017-04-001, Version 3.1, Revision 5, April 2017
Common Criteria for Information Technology Security Evaluation. Part 2: Security functional components. CCMB-2017-04-002, Version 3.1, Revision 5, April 2017
Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. CCMB-2017-04-003, Version 3.1, Revision 5, April 2017
Dziennik Ustaw Rzeczypospolitej Polskiej, Poz. 683, Rozporzadzenie Rady Ministrow z dnia 29 maja 2012 r. w sprawie srodkow bezpieczeństwa fizycznego stosowanych do zabezpieczania informacji niejawnych. Warszawa, dnia 19 czerwca 2012 r., z późniejszymi zmianami
IEC/ISO 15408-1:2009(E) Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model (2009)
IEC/ISO 15408-2:2008(E) Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional components (2008)
IEC/ISO 15408-3:2008(E) Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance components (2008)
IEC/ISO 17025:2005 General requirements for the competence of testing and calibration laboratories (2005)
IEC/ISO 17065:2012 Requirements for bodies certifying products, processes and services (2012)
IEC/ISO 18045:2008 – Information technology – Security techniques – Methodology for IT security evaluation (2008)
Joint Interpretation Library. Minimum Site Security Requirements, Version 2.1 (for trial use), December 2017
SOG-IS MRA – Mutual Recognition Agreement of Information Technology Security Evaluation Certificates, version 3.0. Final version 8 January 2010. https://www.sogis.org/uk/mra_en.html. Accessed 6 Dec 2018
Rogowski, D.: Identification of information technology security issues specific to industrial control systems. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.) DepCoS-RELCOMEX 2018. AISC, vol. 761, pp. 400–408. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-91446-6_37
Rogowski, D.: Software support for common criteria security development process on the example of a data diode. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds.) Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX. 30 June–4 July 2014, Brunów, Poland. AISC, vol. 286, pp. 363–372. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07013-1_35
The Common Criteria Homepage. http://www.commoncriteriaportal.org/. Accessed 5 Dec 2018
The KSO3C project web page. https://www.kso3c.pl/. Accessed 6 Dec 2018
Acknowledgements
I would like to thank my co-author colleagues for their help in preparing this paper. The article is financed within the project “National schema for the security and privacy evaluation and certification of IT products and systems compliant with Common Criteria (KSO3C)”. The KSO3C project is financed from the National Centre for Research and Development (NCBR) national programme “Cybersecurity and e-Identity”, Contract ID: CYBERSECIDENT/381282/II/ NCBR/2018.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rogowski, D., Kurianowicz, R., Bagiński, J., Pietrzak, R., Flisiuk, B. (2019). Building Security Evaluation Lab - Requirements Analysis. In: Kozielski, S., Mrozek, D., Kasprowski, P., Małysiak-Mrozek, B., Kostrzewa, D. (eds) Beyond Databases, Architectures and Structures. Paving the Road to Smart Data Processing and Analysis. BDAS 2019. Communications in Computer and Information Science, vol 1018. Springer, Cham. https://doi.org/10.1007/978-3-030-19093-4_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-19093-4_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19092-7
Online ISBN: 978-3-030-19093-4
eBook Packages: Computer ScienceComputer Science (R0)