Abstract
An ideal secure information system must not only maintain sufficient security strength in all components of the target system, but also ensure that all tasks in the software life cycle process are performed appropriately. With this in mind, information security engineering environments that integrate various tools to support these tasks are proposed. On the other hand, it is difficult to define a generally accepted notion of security strength and criteria for evaluating it. ISO information security standards, which regulate various information security related contents, are expected to serve as criteria for this purpose and should be provided as databases that the tools can use. However, because the standards are continually revised and their contents differ from one another, it is difficult to design and manage the databases. This paper proposes a systematic management method for information security engineering environments that ensure safety in the software life cycle based on the standards.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hakim Suhaimi, A.I., Manji, T., Goto, Y., Cheng, J. (2011). A Systematic Management Method of ISO Information Security Standards for Information Security Engineering Environments. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds) Informatics Engineering and Information Science. ICIEIS 2011. Communications in Computer and Information Science, vol 251. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25327-0_32
DOI: https://doi.org/10.1007/978-3-642-25327-0_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25326-3
Online ISBN: 978-3-642-25327-0
eBook Packages: Computer Science, Computer Science (R0)