Title :
A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems
Author :
Cheng, Jingde ; Goto, Yuichi ; Morimoto, Shoichi ; Horie, Daisuke
Abstract :
An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks to protect the systems from assailants. However, until now, there is no systematic methodology proposed for this purpose. Based on our consideration that the continuous supports for system designers, developers, users, and maintainers only can be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent supports for design, development, operation, and maintenance of information systems with high security requirements.
Keywords :
IEC standards; ISO standards; information systems; security of data; software engineering; ISO/IEC information security standards; ISO/IEC standards; secure information system; security engineering environment; security requirements; Design engineering; IEC standards; ISO standards; Information security; Information systems; Maintenance engineering; Protection; Reliability engineering; Standards development; Systems engineering and theory; Continuous supports; ISO/IEC information security standards; Security engineering environment;
