Abstract

Software companies that have taken part in a process improvement programme based on ISO/IEC 15504 have already completed some of the steps needed to implement ISO/IEC 27000 as an information security management framework. After an in-depth analysis of the relations between the ISO/IEC 15504-5 base practices and the ISO/IEC 27002 security controls, this paper describes which security controls are already covered by the ISO/IEC 15504-5 processes, details the changes to those processes that would be needed to implement the remaining controls, and presents an ISO/IEC 15504 Security Extension that facilitates the implementation of both standards.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mesquida, A.L., Mas, A., Amengual, E. (2011). An ISO/IEC 15504 Security Extension. In: O’Connor, R.V., Rout, T., McCaffery, F., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2011. Communications in Computer and Information Science, vol 155. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21233-8_6

  • DOI: https://doi.org/10.1007/978-3-642-21233-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21232-1

  • Online ISBN: 978-3-642-21233-8

  • eBook Packages: Computer Science (R0)