Abstract
There are very many assurance methods and most of them are listed in the ISO/IEC 15443. The objective of ISO/IEC 15443 is to present a variety of assurance methods, and to guide the IT Security Professional in the selection of an appropriate assurance method (or combination of methods) to achieve confidence that a given IT security product, system, service, process or environmental factor satisfies its stated security assurance requirements. In the Part 2 of ISO/IEC 15443, many assurance methods and approaches proposed by various types of organizations are introduced, and in the Part 3 of ISO/IEC 15443, Analysis of Assurance Methods, various assurance methods are analyzed with respect to relationships and equivalency, effectiveness and required resources. This analysis may form the basis for determining assurance approaches and making trade-offs among the various factors for given security applications. The materials in Part 3 contain the mapping SSE-CMM (System Security Engineering Capability Maturity Model) to CC (Common Criteria), T-CMM (Technical-CMM) to CC and so forth. SSE-CMM and T-CMM are listed in the Part 2, and the Part 3 selects the assurance method or approach in the Part 2 to verify the relationship of them by using the concepts based on the software engineering. An assurance method KISEC (Korea Information Security Evaluation Criteria) will be included in ISO/IEC 15443 Part 2, and the research about the relationship with respect to software engineering between KISEC and CC is needed. This paper is about the research for the relationship of assurance requirements for configuration management between KISEC and CC. This paper will help the development company of IT product and system to understand the evaluation criteria CC and prepare for an evaluation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
ISO. ISO/IEC 15408-1:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO. ISO/IEC 15408-2:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
ISO. ISO/IEC 15408-3:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
ISO. ISO/IEC 15443-1 Information technology - Security techniques - A framework for IT security assurance - Part 1: Overview and framework
ISO. ISO/IEC 15443-2 Information technology - Security techniques - A framework for IT security assurance - Part 2: Assurance methods
ISO. ISO/IEC 15443-3 Information technology - Security techniques - A framework for IT security assurance - Part 3: Analysis of assurance methods
KISA. Information Security Systems & Certification Guide (2002)
ISO. ISO/IEC WD 18045 Methodology for IT Security Evaluation
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, Hk., Shim, Js., Lee, S., Kim, Jb. (2004). A Relationship of Configuration Management Requirements between KISEC and ISO/IEC 15408. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24768-5_78
Download citation
DOI: https://doi.org/10.1007/978-3-540-24768-5_78
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22060-2
Online ISBN: 978-3-540-24768-5
eBook Packages: Springer Book Archive