Abstract
ISO/IEC TR 15504, the Software Process Improvement Capability Determination (SPICE), provides a framework for the assessment of software processes. This framework can be used by organizations involved in planning, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of software. However, in ISO/IEC TR 15504 the considerations for security are relatively poor compared with the others. For example, considerations for security related to software development and developers are lacking. In this paper we propose a security-related process by comparing ISO/IEC TR 15504 with ISO/IEC 21827 and ISO/IEC 15408. The proposed scheme may contribute to improving the security of IT products or systems.
References
ISO. ISO/IEC TR 15504–1:1998 Information technology – Software process assessment – Part 1: Concepts and introductory guide
ISO. ISO/IEC TR 15504–2:1998 Information technology – Software process assessment – Part 2: A reference model for processes and process capability
ISO. ISO/IEC TR 15504–3:1998 Information technology – Software process assessment – Part 3: Performing an assessment
ISO. ISO/IEC TR 15504–4:1998 Information technology – Software process assessment – Part 4: Guide to performing assessments
ISO. ISO/IEC TR 15504–5:1998 Information technology – Software process assessment – Part 5: An assessment model and indicator guidance
ISO. ISO/IEC TR 15504–6:1998 Information technology – Software process assessment – Part 6: Guide to competency of assessors
ISO. ISO/IEC TR 15504–7:1998 Information technology – Software process assessment – Part 7: Guide for use in process improvement
ISO. ISO/IEC TR 15504–8:1998 Information technology – Software process assessment – Part 8: Guide for use in determining supplier process capability
ISO. ISO/IEC TR 15504–9:1998 Information technology – Software process assessment – Part 9: Vocabulary
ISO. ISO/IEC 15408–1:1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model
ISO. ISO/IEC 15408–2:1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional requirements
ISO. ISO/IEC 15408–3:1999 Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance requirements
Kim, T.-h., Sung, Y.-g., Cho, K.-m., Kim, S.-h., No, B.-g.: A Study on The Efficiency Elevation Method of IT Security System Evaluation via Process Improvement. The Journal of The Information Assurance 3(1), KIAS (2003)
Kim, T.-h., Lee, T.-s., Kim, M.-c., Kim, S.-m.: Relationship Between Assurance Class of CC and Product Development Process. In: The 6th Conference on Software Engineering Technology, SETC (2003)
Kim, T.-H., No, B.-G., Lee, D.-c.: Threat Description for the PP by Using the Concept of the Assets Protected by TOE. In: Sloot, P.M.A., Abramson, D., Bogdanov, A.V., Gorbachev, Y.E., Dongarra, J., Zomaya, A.Y. (eds.) ICCS 2003. LNCS, vol. 2660, pp. 605–613. Springer, Heidelberg (2003)
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Kim, Sh., Leem, Cs., Kim, Th., Kim, Js. (2003). Supplement of Security-Related Parts of ISO/IEC TR 15504. In: Yazıcı, A., Şener, C. (eds) Computer and Information Sciences - ISCIS 2003. ISCIS 2003. Lecture Notes in Computer Science, vol 2869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39737-3_134
DOI: https://doi.org/10.1007/978-3-540-39737-3_134
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20409-1
Online ISBN: 978-3-540-39737-3
eBook Packages: Springer Book Archive