Abstract
The importance of data is ever-growing, and it is widely considered to be the most valuable asset of a company. Since data is becoming the main driver of business value, data security is a paramount concern for companies. In recent years, several standards related to security have emerged, most notably those of the ISO/IEC 27000 series. However, they are focused on management systems and security infrastructure, neglecting the security of the data itself. Other standards related to data quality, such as ISO 8000, also fail to address data security in depth. To this end, we propose in this paper a framework for the evaluation of data cybersecurity, consisting of a quality model (based on ISO/IEC 25012), an evaluation process (based on ISO/IEC 25040), and a tool for the visualization of the assessment results. This evaluation framework has been taken as the basis for a data cybersecurity certification scheme, which complements other certifiable standards related to data and security such as ISO/IEC 27001 and ISO 8000.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
European Comission. https://ec.europa.eu/commission/news/cybersecurity-act-2018-dec-11_en. Accessed 16 May 2019
ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary. International Organization for Standardization/ISO/IEC JTC 1/SC 27 Information Security, cybersecurity and privacy protection (2018)
ASCSM 1.0: Automated Source Code CISQ Security Measure. Object Management Group (2016)
ISO/IEC 25012: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Data Quality Model. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2008)
ISO/TS 8000-60: Data Quality – Part 60: Data Quality Management: Overview. International Organization for Standardization/TC 184/SC 4 Industrial data (2017)
ISO/IEC 25000: Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – Guide to SQuaRE. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2014)
ISO/IEC 9126-1: Software engineering – Product quality – Part 1: Quality model. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2001)
ISO/IEC 14598-1: Information technology – Software product evaluation – Part 1: General overview. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (1999)
Zubrow, D.: Measuring Software Product Quality: the ISO 25000 Series and CMMI. SEI (2004)
ISO/IEC 25010: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – System and software quality models. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2011)
ISO/IEC TS 25011: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Service quality models. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2017)
ISO/IEC 25020: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Measurement reference model and guide. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2007)
ISO/IEC 25022: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Measurement of quality in use. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2016)
ISO/IEC 25023: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Measurement of system and software product quality. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2016)
ISO/IEC 25024: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Measurement of data quality. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2015)
ISO/IEC 25040: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Evaluation process. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2011)
ISO/IEC 25051: Software Engineering – Software product Quality Requirements and Evaluation (SQuaRE) – Requirements for quality of Ready to Use Software Product (RUSP) and instructions for testing. International Organization for Standardization/ISO/IEC JTC 1/SC 7 Software and systems engineering (2014)
Rodríguez, M., Oviedo, J.R., Piattini, M.: Evaluation of software product functional suitability: a case study. Softw. Qual. Prof. 18(3), 18–29 (2016)
Rodríguez, M., Piattini, M., Fernandez, C.M.: A hard look at software quality: Pilot program uses ISO/IEC 25000 family to evaluate, improve and certify software products. Qual. Prog. 48, 30–36 (2015)
Acknowledgements
This research is part of the DQIoT project (INNO-20171086), funded by CDTI; ECD project (PTQ-16-08504), funded by the “Torres Quevedo” Program of the Spanish Ministry of Economy, Industry and Competitiveness; CYBERDATA project (REF: 13/17/IN/013) funded by Consejería de Economía, Empresas y Empleo JCCM and FEDER (Fondo Europeo de Desarrollo Regional); ECLIPSE project (Ministerio de Ciencia, Innovación y Universidades, and Fondo Europeo de Desarrollo Regional FEDER, RTI2018-094283-B-C31); and TESTIMO project (Consejería de Educación, Cultura y Deportes de la Junta de Comunidades de Castilla La Mancha, and Fondo Europeo de Desarrollo Regional FEDER, SBPLY/17/180501/000503).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Verdugo, J., Rodríguez, M. (2019). Assessing Data Cybersecurity Using ISO/IEC 25012. In: Piattini, M., Rupino da Cunha, P., García Rodríguez de Guzmán, I., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2019. Communications in Computer and Information Science, vol 1010. Springer, Cham. https://doi.org/10.1007/978-3-030-29238-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-29238-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29237-9
Online ISBN: 978-3-030-29238-6
eBook Packages: Computer ScienceComputer Science (R0)