Abstract
Software companies that have carried out a process improvement programme based on ISO/IEC 15504 have already taken some of the steps needed to implement ISO/IEC 27000 as an information security management framework. After an in-depth analysis of the relations between the ISO/IEC 15504-5 base practices and the ISO/IEC 27002 security controls, this paper describes the security controls that are covered by the ISO/IEC 15504-5 processes, details the changes to these processes that would be necessary to implement the controls, and presents an ISO/IEC 15504 Security Extension that facilitates the implementation of both standards.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Mesquida, A.L., Mas, A., Amengual, E. (2011). An ISO/IEC 15504 Security Extension. In: O’Connor, R.V., Rout, T., McCaffery, F., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2011. Communications in Computer and Information Science, vol 155. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21233-8_6
DOI: https://doi.org/10.1007/978-3-642-21233-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21232-1
Online ISBN: 978-3-642-21233-8
eBook Packages: Computer Science (R0)