Browse > Article
http://dx.doi.org/10.3745/KIPSTD.2004.11D.4.917

A Study on Configuration Management Methodology for Information Security Product based on Process Model  

Hwang, Sun-Myung (대전대학교 컴퓨터공학과)
Publication Information
The KIPS Transactions:PartD / v.11D, no.4, 2004 , pp. 917-928 More about this Journal
Abstract
Common Criteria as ISO/IEC 15408 is used to assure and evaluate IT system security. As the Prime class of security assurance requirement, CM Configuration Management needs the more principled quality activities and practices for developer must be supported. So in this paper, we propose the well-defined CM method as guideline for TOE developer based on Process model including common criteria and develop the CMPET a quantitative process evaluating tool for CM using checklist. It can support useful process analyzing data to developer, evaluator and user.
Keywords
CC; TOE(Target of Evaluation); ISO/IEC 15408;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Dennis M. Ahern, Aaron Clouse Richard Turner, 'CMMI Distilled - A Practical Introduction to Integrated Process Improvement,' 2001
2 ISO/IEC 15504, Part 2 : Reference model for processes and process capability, ISO/IEC JTC1/SC7, 1998
3 SPICE Web Site, http://www.sqi.gu.edu.au/spice/
4 KSPICE, 2001. A Guideline for KSPICE Assessment Procedure, Korea SPICE
5 IEEE Std 828, IEEE Standard for Software Configuration Management Plans
6 ISO/IEC 9126, Information Technology - Software Product Quality, 2000
7 ISO/IEC 14598, Information Technology - Software Product Evaluation, 2000
8 ISO/IEC 12207 Information technology-Software life cycle processes, 1995
9 Architectures, IEEE Computer Society Technical Council on Software Engineering, No.3, Spring, 1995
10 CMU/SEI, CMM : Capability Maturity Model for Software, v 1.1, 1993
11 CMU/SEI(CMMI) Web Site, http://www.sei.cmu.edu/cmm/cmmi/
12 ITSEM : Infromation Technology Security Evaluation Manual, Version 1.0, 1993
13 ISO/IEC 15288 FDIS Systems Engineering-System Life Cycle Processes, 2002
14 Mark C. Paulk, Bill Curtis, Mary Beth Chrissis, and Charles V. Beber, 'Capability Maturity Model for Software, Version 1.1,' Software Engineering Institute, CMU/SEI-93-TR-24, Feb., 1993
15 CC; ISO/IEC 15408,Information Technology - Security Technology - Evaluation Criteria for IT Security, 1999
16 ITSEC : Infromation Technology Security Evaluation Criteria, Version 1.2, 1991
17 TCSEC : Trusted Computer System Evaluation Criteria, DoD5200·28STD, 1985
18 ISO/IEC TR 15846 : 1998(E) Information technology - Software life Cycle Process, KS X ISO/IEC TR 15846, 2002