Catalog of Security Tactics linked to Common Criteria Requirements
نویسنده
چکیده
Security tactics describe security design decisions in a very general, abstract, and implementation-independent way and provide basic security design guidance. Tactics directly address system quality attributes and can be seen as building blocks for design patterns. In order to establish a more detailed security tactic collection, we link them with the Common Criteria security certification standard by establishing a connection between the security tactic goals and the Common Criteria Security Functional Requirements through Goal Structuring Notation. In this paper we give a brief introduction to the Common Criteria standard and to Goal Structuring Notation, we present the full structured and refined catalog of security tactics, and we discuss benefits of the link with the Common Criteria security standard regarding security certification.
منابع مشابه
Ontological Mapping of Common Criteria's Security Assurance Requirements
The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation...
متن کاملUsing cryptographic and watermarking algorithms - Multimedia, IEEE
multimedia’s structure and complexity, security mechanisms for multimedia data should be specific for each purpose. We introduce the most important security requirements for all types of multimedia systems. We also survey revocation methods for digital certificates and introduce a mediaindependent classification scheme. R ecently, security has become one of the most significant and challenging ...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملCapturing security requirements for software systems
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements...
متن کامل