Security by design factors for developing and evaluating secure software

Author

de la Camara, Mercedes ; Saenz, Fco Javier ; Calvo-Manzano, Jose Antonio ; Arcilla, Magdalena

Author_Institution

Escuela Tec. Super. Ing. Sist. de Informacion, Univ. Politec. de Madrid, Madrid, Spain

fYear

2015

fDate

17-20 June 2015

Firstpage

1

Lastpage

6

Abstract

Secure by Design (SbD) is a project management oriented philosophy to develop secure software. This paper is the result of research based on the practices proposed by SbD. A security factors structure to manage such projects is defined. The factors are structured into three organizational levels (strategic, tactical and operational). The purpose is to facilitate the implementation and evaluation of SbD. The security factors structure for software engineering projects has been mapped with the most representative frameworks and standards and the results are shown.

Keywords

organisational aspects; project management; safety-critical software; security of data; SbD; project management oriented philosophy; secure by design; secure software evaluation; security factor structure; software engineering project; IEC standards; ISO standards; Monitoring; Project management; Security; Silicon compounds; Software; CMMI-Dev; COBIT5; ISO/IEC 15504; ISO/IEC 27000; Project Management; Security by Design; Software Process Improvement (SPI);

fLanguage

English

Publisher

ieee

Conference_Titel

Information Systems and Technologies (CISTI), 2015 10th Iberian Conference on

Conference_Location

Aveiro

Type

conf

DOI

10.1109/CISTI.2015.7170500

Filename

7170500