A Structured Comparison of Security Standards
نویسندگان
چکیده
A number of different security standards exist and it is difficult to choose the right one for a particular project or to evaluate if the right standard was chosen for a certification. These standards are often long and complex texts, whose reading and understanding takes up a lot of time. We provide a conceptual model for security standards that relies upon existing research and contains concepts and phases of security standards. In addition, we developed a template based upon this model, which can be instantiated for given security standard. These instantiated templates can be compared and help software and security engineers to understand the differences of security standards. In particular, the instantiated templates explain which information and what level of detail a system document according to a certain security standard contains. We applied our method to the well known international security standards ISO 27001 and Common Criteria, and the German IT-Grundschutz standards, as well.
منابع مشابه
A Comparative Study of Security Council's Dual Standards toward Recent Developments in Libya and Bahrain
With international peace and security covering a broader concept and restriction of governments' authority, issues such as human rights have become intertwined with international peace and security and are no longer an internal issue of governments. It is such that international society may react toward it and make some decisions. What seems important is how Security Council deals with such iss...
متن کاملComparison of Graduate Medical Education in Iran with WFME International Guidelines: Quality Improvement in Postgraduate Medical Education
In 2001, following the development of International Standards in basic medical education, WFME appointed an international Task Force for development of International Guidelines for Postgraduate Specialist Training. Reports of this Task Force were published in September 2001. These Guidelines has been structured in 9 areas and 37 sub-areas. The areas of these guidelines are mission & outcomes, t...
متن کاملSESOS: A Verifiable Searchable Outsourcing Scheme for Ordered Structured Data in Cloud Computing
While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable s...
متن کاملپیش نیازهای اجرای اعتباربخشی در بیمارستان
Background: Accreditation is an appropriate strategy for improving the quality, safety and effectiveness of hospital services. Iran national hospital accreditation was initiated as a government and mandatory program in 2012. This study aimed to identify the prerequisites of hospital accreditation implementation in Tehran province hospitals. Materials and Methods: This qualitative study was ...
متن کاملDetermining the appropriate methodology for the security evaluation of equipment related to information and communication technology in the power industry
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both te...
متن کامل