A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems

2009 Fourth International Conference on Frontier of Computer Science and Technology

Cheng

2009

Self Cite

Ubiquitous questionnaire is to provide users with E-questionnaire services anytime and anywhere such that one can use E-questionnaire servers without even thinking about them. An E-questionnaire server for ubiquitous questionnaire should provide guarantees to satisfy any user-specified requirement on information assurance, privacy, and security because some questionnaires may concern organization secrets as well as personal privacy, and some questionnaires such as E-voting or E-testing must impose restrictions on and provide assurance to respondents, voters, and/or testees. Until now, there is no detail requirement analysis for information assurance, privacy, and security in ubiquitous questionnaire. To implement an Equestionnaire server for ubiquitous questionnaire, this paper presents a requirement analysis for information assurance, privacy, and security in ubiquitous questionnaire. The paper identifies all participants and their information assets in ubiquitous questionnaire with a general purpose E-questionnaire server that can be used not only an E-questionnaire server but also an E-voting server and an E-testing server, gives a threat analysis of and a requirement analysis for information assurance, privacy, and security, and investigates technical issues for implementing facilities satisfied the requirements.

Section: Technical Issuesmentioning

confidence: 99%

Information Assurance, Privacy, and Security in Ubiquitous Questionnaire

2009 Fourth International Conference on Frontier of Computer Science and Technology

Cheng

2009

Self Cite

“…From the viewpoint of security engineering, it is important to continuously design, develop, manage, maintain, and abrogate security facilities of information systems [1]. Security is not static and the best practice at present for security is not always the best because new techniques may be devised and used by crackers.…”

Section: Necessity Of Software Life Cycle Process For Secure Informatmentioning

confidence: 99%

“…It is also important to consistently design, develop, manage, maintain, and abrogate security facilities of information systems according to consistent standards [1]. Crackers generally attack the weakest link: the most vulnerable component in systems.…”

Section: Necessity Of Software Life Cycle Process For Secure Informatmentioning

confidence: 99%

A New Model of Software Life Cycle Processes for Consistent Design, Development, Management, and Maintenance of Secure Information Systems

Horie

Kasahara

2009 Eighth IEEE/ACIS International Conference on Computer and Information Science

et al. 2009

Self Cite

This paper presents a new model of software life cycle processes for consistent design, development, management, maintenance, and abolition of secure information systems. The model clearly specifies tasks for engineering security facilities, standards underlying the tasks, and a regular sequence of the tasks. We defined the model according to ISO/IEC 12207 and other ISO standards related to security. The model can be customized as software life cycle processes for various systems with particular purposes. Users of software life cycle processes according to the model can continuously and consistently design, develop, manage, maintain, and abrogate secure information systems whose security is ensured by ISO standards.

“…An Information Security Engineering Environment is an engineering environment that integrates various tools and provides comprehensive facilities for designers, developers, administrators/end-users, and maintainers of information/software systems such that they can use the tools and facilities to ensure the whole security of the target system anytime consistently and continuously [6]. Note that the major point we made in the above definition is "to ensure the whole security of the target system anytime consistently and continuously" that emphasizes the wholeness of security of information/software systems and the continuity and randomness concerning time.…”

Section: Isee: An Information Security Engineering Environmentmentioning

confidence: 99%

Development of ISEE: An Information Security Engineering Environment

Cheng

2009 IEEE International Symposium on Parallel and Distributed Processing With Applications

Horie

et al. 2009

Self Cite

Security Engineering has some features that are intrinsically different from Software (Reliability) Engineering. Traditional software engineering environments are not adequate and effective for designing, developing, managing, and maintaining secure software systems. This paper presents our development of ISEE, an information security engineering environment we are developing, that integrates various tools and provides comprehensive facilities to support design, development, management, and maintenance of security facilities of information/software systems continuously and consistently, and guides and helps all users to perform their tasks regularly according to ISO/IEC security standards. ISEE is the first real information security engineering environment.