
An ISO/IEC 15504 Security Extension

  • Antoni Lluís Mesquida
  • Antònia Mas
  • Esperança Amengual
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 155)

Abstract

Software companies that have already taken part in a process improvement programme based on ISO/IEC 15504 have, in doing so, completed some of the steps needed to implement ISO/IEC 27000 as an information security management framework. After an in-depth analysis of the existing relations between ISO/IEC 15504-5 base practices and ISO/IEC 27002 security controls, this paper describes the security controls covered by the ISO/IEC 15504-5 processes, details the changes to these processes that would be necessary to implement the controls, and presents an ISO/IEC 15504 Security Extension that facilitates the implementation of both standards.

Keywords

ISO/IEC 15504 (SPICE), ISO/IEC 27000, Information security, Software Process Improvement (SPI)



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Antoni Lluís Mesquida (1)
  • Antònia Mas (1)
  • Esperança Amengual (1)
  1. Department of Mathematics and Computer Science, University of the Balearic Islands, Palma de Mallorca (Illes Balears), Spain
