Abstract
Organizations encounter challenges that cannot be overcome without a systematic engineering approach and without preparing a secure information system. The most important and greatest challenge relates to the security of the area that provides information systems. The main contribution of this work is a security standard-based process for software product line development. It is based on categories of vulnerabilities and some concepts of software engineering, and it uses a redefinition of the information system life cycle that integrates Common Criteria (ISO/IEC 15408) controls into the product line life cycle. The present approach reduces the complexity and ambiguity inherent in information systems security through an engineering, well-defined, repeatable process.
Thus, security organizations that implement secure products can ensure the security level of their products and use a time- and cost-effective engineering process to improve their future products.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vali, N., Modiri, N. (2011). Challenges and Opportunities in the Information Systems Security Evaluation and Position of ISO / IEC 15408. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22191-0_29
DOI: https://doi.org/10.1007/978-3-642-22191-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22190-3
Online ISBN: 978-3-642-22191-0
eBook Packages: Computer Science (R0)