Assessing Data Cybersecurity Using ISO/IEC 25012

  • Conference paper
Quality of Information and Communications Technology (QUATIC 2019)

Abstract

The importance of data is ever-growing, and it is widely considered to be the most valuable asset of a company. Since data is becoming the main driver of business value, data security is a paramount concern for companies. In recent years, several standards related to security have emerged, most notably those of the ISO/IEC 27000 series. However, they are focused on management systems and security infrastructure, neglecting the security of the data itself. Other standards related to data quality, such as ISO 8000, also fail to address data security in depth. To this end, we propose in this paper a framework for the evaluation of data cybersecurity, consisting of a quality model (based on ISO/IEC 25012), an evaluation process (based on ISO/IEC 25040), and a tool for the visualization of the assessment results. This evaluation framework has been taken as the basis for a data cybersecurity certification scheme, which complements other certifiable standards related to data and security such as ISO/IEC 27001 and ISO 8000.

Acknowledgements

This research is part of the DQIoT project (INNO-20171086), funded by CDTI; ECD project (PTQ-16-08504), funded by the “Torres Quevedo” Program of the Spanish Ministry of Economy, Industry and Competitiveness; CYBERDATA project (REF: 13/17/IN/013) funded by Consejería de Economía, Empresas y Empleo JCCM and FEDER (Fondo Europeo de Desarrollo Regional); ECLIPSE project (Ministerio de Ciencia, Innovación y Universidades, and Fondo Europeo de Desarrollo Regional FEDER, RTI2018-094283-B-C31); and TESTIMO project (Consejería de Educación, Cultura y Deportes de la Junta de Comunidades de Castilla La Mancha, and Fondo Europeo de Desarrollo Regional FEDER, SBPLY/17/180501/000503).

Corresponding author

Correspondence to Javier Verdugo.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Verdugo, J., Rodríguez, M. (2019). Assessing Data Cybersecurity Using ISO/IEC 25012. In: Piattini, M., Rupino da Cunha, P., García Rodríguez de Guzmán, I., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2019. Communications in Computer and Information Science, vol 1010. Springer, Cham. https://doi.org/10.1007/978-3-030-29238-6_3

  • DOI: https://doi.org/10.1007/978-3-030-29238-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29237-9

  • Online ISBN: 978-3-030-29238-6

  • eBook Packages: Computer Science; Computer Science (R0)
