Design of Reference Model for Improvement of Security Process

  • Eun-Ser Lee
Part of the Communications in Computer and Information Science book series (CCIS, volume 206)


This paper proposes a maturity model for the security process. Many risk items cause security requirement problems during software development. This paper evaluates the efficiency of the security lifecycle in terms of the detection of new risk items and their removal ratio in the security requirement lifecycle. For projects in a similar domain, we can remove security risk items and manage their progress by using the security lifecycle, which can greatly improve the software process.


Security process, Process improvement, Maturity model





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Eun-Ser Lee, Computer Engineering, Andong National University, Andong-city, South Korea
