The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
ISO/IEC 27002 is an international standard for information security management. Although many organizations need to manage their information systems according to ISO/IEC 27002, ISO/IEC 27002 is not convenient for users to retrieve terms, definitions, and security controls and to make documents for information security management because the ISO/IEC 27002 is distributed only in form of booklet or PDF...
Security engineering has some features that are intrinsically different from software (reliability) engineering. Traditional software engineering environments are not adequate and effective for designing, developing, managing, and maintaining secure software systems. This paper presents our development of ISEE, an information security engineering environment we are developing, that integrates various...
This paper presents a new model of software life cycle processes for consistent design, development, management, maintenance, and abolition of secure information systems. The model clearly specifies tasks for engineering security facilities, standards underlying the tasks, and a regular sequence of the tasks. We defined the model according to ISO/IEC 12207 and other ISO standards related to security...
This paper presents a requirement analysis, design, and implementation of ISEE: an information security engineering environment. ISEE integrates various tools and functions for supporting continuous and consistent design, development, management, maintenance, and abolition of security facilities of information systems with high security requirements, and forces users to perform their tasks according...
It is very important to formally verify security specifications of information systems for ensuring their security. Thus we have proposed a formal verification method of security specifications with ISO/IEC 15408. However, to use the method, verifiers have to be familiar with Z notation, linear temporal logic, NuSMV input language, theorem proving, model checking, and ISO/IEC 15408. Moreover, the...
An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks...
Security facilities of information systems with high security requirements should be consistently and continuously developed, used, and maintained based on some common standards of information security. However, there is no engineering environment that can support all tasks in security engineering consistently and continuously. To construct a security engineering environment, a database that can manage...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.