2012 Seventh International Conference on Availability, Reliability and Security (2008)
Mar. 4, 2008 to Mar. 7, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.76
Security facilities of information systems with high security requirements should be consistently and continuously developed, used, and maintained based on some common standards of information security. However, there is no engineering environment that can support all tasks in security engineering consistently and continuously. To construct a security engineering environment, a database that can manage all data concerning all tasks in security engineering is indispensable.This paper presents an Information Security Engineering Database System, named "ISEDS," that we are developing based on ISO standards, and shows its some possible applications. ISEDS manages data of ISO standards of information security and various cases of system development and maintenance. We adopted the international standard ISO/IEC 15408 (Common Criteria) for information security evaluation as one of ISO standards to underlie ISEDS, and implemented major functions of ISEDS and its application tools to manage and use data of ISO/IEC 15408.Developers, users, and maintainers can create, correct, and verify specification documents of security facilities with the application tools.
Information security, Common Criteria, ISO/IEC 15408, An Information Security Engineering Database System, Supporting design of security facilities, Supporting maintenance of security facilities
Noor Azimah, Jingde Cheng, Yuichi Goto, Shoichi Morimoto, Daisuke Horie, "ISEDS: An Information Security Engineering Database System Based on ISO Standards", 2012 Seventh International Conference on Availability, Reliability and Security, vol. 00, no. , pp. 1219-1225, 2008, doi:10.1109/ARES.2008.76