This research is intended to develop the system security process. The IT products like as firewall, IDS (Intrusion Detection System) and VPN (Virtual Private Network) are made to perform special functions related to security, so the developers of these products or systems should consider many kinds of things related to security not only design itself but also development environment to protect integrity of products. When we are making these kinds of software products, ISO/IEC TR 15504 may provide a framework for the assessment of software processes, and this framework can be used by organizations involved in planning, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of software. But, in the ISO/IEC TR 15504, considerations for security are relatively poor to other security-related criteria such as ISO/IEC 21827 or ISO/IEC 15408 [10-12]. In fact, security related to software development is concerned with many kinds of measures that may be applied to the development environment or developer to protect the confidentiality and integrity of the IT product or system developed. In this paper we propose some measures related to development process security by analyzing the ISO/IEC 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM) and ISO/IEC 15408, Common Criteria (CC). And we present a Process of Security for ISO/IEC TR 15504. This enable estimation of development system security process by case study.
[1]
Eun-Ser Lee,et al.
Design Defect Trigger for Software Process Improvement
,
2003,
ICSE 2003.
[2]
Jack Dongarra,et al.
Computational Science — ICCS 2003
,
2003,
Lecture Notes in Computer Science.
[3]
Béatrix Barafort,et al.
Benefits Resulting from the Combined Use of ISO/IEC 15504 with the Information Technology Infrastructure Library (ITIL)
,
2002,
PROFES.
[4]
Tai-Hoon Kim,et al.
Threat Description for the PP by Using the Concept of the Assets Protected by TOE
,
2003,
International Conference on Computational Science.
[5]
K. Lee,et al.
Analysis of interrater agreement in ISO/IEC 15504-based software process assessment
,
2001,
Proceedings Second Asia-Pacific Conference on Quality Software.