A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems
Jingde Cheng, Y. Goto, Shoichi Morimoto, Daisuke Horie
{"title":"A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems","authors":"Jingde Cheng, Y. Goto, Shoichi Morimoto, Daisuke Horie","doi":"10.1109/ISA.2008.106","DOIUrl":null,"url":null,"abstract":"An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks to protect the systems from assailants. However, until now, there is no systematic methodology proposed for this purpose. Based on our consideration that the continuous supports for system designers, developers, users, and maintainers only can be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent supports for design, development, operation, and maintenance of information systems with high security requirements.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.106","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 23
Abstract
An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks to protect the systems from assailants. However, until now, there is no systematic methodology proposed for this purpose. Based on our consideration that the continuous supports for system designers, developers, users, and maintainers only can be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent supports for design, development, operation, and maintenance of information systems with high security requirements.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
