ISEDS: An Information Security Engineering Database System Based on ISO Standards

Horie, Daisuke; Morimoto, Shoichi; Azimah, Noor; Goto, Yuichi; Cheng, Jingde

doi:10.1109/ares.2008.76

Cited by 18 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We consider that all of the tasks should be supported by ISEE. The most important central component of ISEE is ISEDS that is an information security engineering database system managing common data shared by all tools and users of ISEE [11]. ISEDS manages data of ISO/IEC security standards and their related documents, data of published cases (e.g., Security Targets, ISMS (Information Security Management Systems) documents, and so on), and data acquired by users in their tasks.…”

Section: Isee: An Information Security Engineering Environmentmentioning

confidence: 99%

Development of ISEE: An Information Security Engineering Environment

Cheng

Goto

Horie

et al. 2009

2009 IEEE International Symposium on Parallel and Distributed Processing With Applications

Self Cite

View full text Add to dashboard Cite

Security Engineering has some features that are intrinsically different from Software (Reliability) Engineering. Traditional software engineering environments are not adequate and effective for designing, developing, managing, and maintaining secure software systems. This paper presents our development of ISEE, an information security engineering environment we are developing, that integrates various tools and provides comprehensive facilities to support design, development, management, and maintenance of security facilities of information/software systems continuously and consistently, and guides and helps all users to perform their tasks regularly according to ISO/IEC security standards. ISEE is the first real information security engineering environment.

show abstract

Section: Isee: An Information Security Engineering Environmentmentioning

confidence: 99%

Development of ISEE: An Information Security Engineering Environment

Cheng

Goto

Horie

et al. 2009

2009 IEEE International Symposium on Parallel and Distributed Processing With Applications

Self Cite

View full text Add to dashboard Cite

show abstract

“…Users can select the editing language according to their ST-Editor provides a central database to support users to store and retrieve described STs and certified STs. We used ISEDS [6] as the central database. ISEDS (Information Secrity Engineering Database System) manages data of ISO standards of information security and various cases of system devel opment and maintenance.…”

Section: Design Of St-editormentioning

confidence: 99%

A supporting tool for creating and maintaining security targets according to ISO/IEC 15408

Sun

Yajima

Miura

et al. 2012

2012 IEEE International Conference on Computer Science and Automation Engineering

Self Cite

View full text Add to dashboard Cite

To acquire the certification according to ISOIIEC 15408 for a target system, it is necessary to create a security target (ST) which specifies security facilities of the system. CreatingSTs is not an easy task for developers because they do not know how to create STs well, even if they know the security facilities.Meanwhile, STs should be maintained continuously to keep a target system secure. Maintaining STs is not easy as same as creating STs. However, there is no tool to support developers and maintainers to create and maintain STs so far. This paper presents a supporting tool according to ISOIIEC 15408, named ST-Editor. ST-Editor tells users what should be described and how they should be described in STs and provides a helpful and secure editing and maintaining environment of STs.

show abstract

“…ISEDS, an Information Security Engineering Database System, as a main component of ISEE, and is planed to manage all ISO standards related with information security [12] and their concerning documents [8]. To support organizations to manage information security, ISEDS should have ISO/IEC 27002 in it [5], but it has not done yet.…”

Section: Introductionmentioning

confidence: 99%

A Database System for Effective Utilization of ISO/IEC 27002

Iqbal

Horie

Goto

et al. 2009

2009 Fourth International Conference on Frontier of Computer Science and Technology

Self Cite

View full text Add to dashboard Cite

ISO/IEC 27002 is an international standard for information security management. Although many organizations need to manage their information systems according to ISO/IEC 27002, ISO/IEC 27002 is not convenient for users to retrieve terms, definitions, and security controls and to make documents for information security management because the ISO/IEC 27002 is distributed only in form of booklet or PDF. On the other hand, ISEE, an information security engineering environment, has been proposed to support all tasks in from requirement analysis to maintenance of security facilities of software/information systems. ISEDS, an information security engineering database system, as a main component of ISEE, is planed manage all ISO standards related with information security and their concerning documents. This paper presents a database system for effective utilization of ISO/IEC 27002 that is obtained by adding ISO/IEC 27002 and related documents into ISEDS. The paper analyzes usages of ISO/IEC 27002, gives requirement analysis of the database system, presents a design and construction of the database system, and shows a usage example. The paper also investigates a systematic method to construct databases of ISO standards for information security in ISEDS.

show abstract

ISEDS: An Information Security Engineering Database System Based on ISO Standards

Cited by 18 publications

References 7 publications

Development of ISEE: An Information Security Engineering Environment

Development of ISEE: An Information Security Engineering Environment

A supporting tool for creating and maintaining security targets according to ISO/IEC 15408

A Database System for Effective Utilization of ISO/IEC 27002

Contact Info

Product

Resources

About