Supporting Compliance with Security Standards by Trust Case Templates

Trust cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One possible application of trust cases is in the processes of achieving and demonstrating compliance with standards. A trust case template derived from a given standard constitutes a skeleton of the justification (encompassing evidence and argumentation) of compliance with that standard. The article explains the notion of trust case templates and provides some details on the template development process and a generic procedure for applying a template. The applicability of the proposed approach is demonstrated by referring to the results of a case study in which a real example system was evaluated against the BS 7799 security management standard.