Abstract. With the growing scale and diversification of information systems, the security requirements for these systems are becoming more and more complicated. It is desirable to apply database technologies to information security engineering in order to manage security requirements in the design and development of such systems. This paper proposes a security requirement management database based on the international standard ISO/IEC 15408, which defines security functional requirements that should be satisfied by various information systems. The database can aid the design and development of information systems that require high security by making it possible to refer suitably to the required security requirement data.
This paper presents a new model of software life cycle processes for consistent design, development, management, maintenance, and abolition of secure information systems. The model clearly specifies tasks for engineering security facilities, standards underlying the tasks, and a regular sequence of the tasks. We defined the model according to ISO/IEC 12207 and other ISO standards related to security. The model can be customized as software life cycle processes for various systems with particular purposes. Users of software life cycle processes according to the model can continuously and consistently design, develop, manage, maintain, and abrogate secure information systems whose security is ensured by ISO standards.