A CC-based Security Engineering Process Evaluation Model

Jongsook Lee, Jieun Lee, Seunghee Lee, Byoungju Choi

Research output: Contribution to journal › Conference article › peer-review

25 Scopus citations

Abstract

Common Criteria (CC) provides only the standard for evaluating an information security product or system, namely the Target of Evaluation (TOE). On the other hand, SSE-CMM provides the standard for security engineering process evaluation. Based on the CC, the TOE's security quality may be assured, but its disadvantage is that the development process is neglected. SSE-CMM seems to assure the quality of a TOE developed in an organization equipped with a security engineering process, but a TOE developed in such an environment cannot avoid CC-based security assurance evaluation. We propose an effective method of integrating the two evaluation methods, CC and SSE-CMM, and develop a CC-based assurance evaluation model, CC_SSE-CMM. CC_SSE-CMM presents a specific and realistically operable organizational security process maturity assessment and CC evaluation model.

Original language: English
Pages (from-to): 130-135
Number of pages: 6
Journal: Proceedings - IEEE Computer Society's International Computer Software and Applications Conference
State: Published - 2003
Event: Proceedings: 27th Annual International Computer Software and Applications Conference, COMPSAC 2003 - Dallas, TX, United States
Duration: 3 Nov 2003 to 6 Nov 2003
