http://dx.doi.org/10.3745/KTSDE.2014.3.11.465

Software Security Supplementation Guide Line Based on ISO 27001 for the SP Certified Organization  

Yoon, Eun-Ji (Department of Computer Science, Dankook University)
Park, Young B. (Department of Computer Science, Dankook University)
Publication Information
KIPS Transactions on Software and Data Engineering, Vol.3, No.11, 2014, pp. 465-470
Abstract
The SP quality assessment of the National IT Industry Promotion Agency of Korea (NIPA) evaluates an organization's software development process capability, and it is becoming widely adopted across the nation. However, the SP quality assessment does not address security attributes at all. In this paper, a new secure process based on ISO 27001 is proposed for organizations that have already passed the SP quality assessment. This process can detect security-threatening factors and gives the organization the opportunity to protect against them. Furthermore, since the detected security weaknesses can be used as a measurement, the system can be managed with respect to its security attributes.
Keywords
Software Security; ISO 27001; SP Quality Assessments; Security Measurement; Security Threatening Factors;
References
1 P. Fusaro, K. El Emam and B. Smith, "Evaluating the Interrater Agreement of Process Capability Ratings," Proceedings of the International Software Metrics Symposium, Vol.4, pp.2-11, 1997.
2 H. S. Yang and D. H. Bae, "Standardization of Software Quality and Trend of Test Certification Technologies," KIISE, Vol.23, No.3, pp.45-55, 2005.
3 K. S. Lee, J. W. Kim and Y. E. Jung, "Software Quality Evaluation using Software Development Guideline," KIISE, Vol.29, No.2, pp.121-123, 2002.
4 K. El Emam and H.-W. Jung, "An Empirical Evaluation of the ISO/IEC 15504 Assessment Model," Quality Control and Applied Statistics, Vol.47, No.5, pp.583-586, 2002.
5 I. O. Song, "An Empirical Research on Software Process Model of Small Business for SP-Certification," Master's Thesis, SoongSil University Graduate School, 2010.
6 TTA, "GS Certification," 2013.
7 W. S. Kim, J. W. Oh, K. H. Yoon, C. W. Lee, C. S. Wu, W. H. Jang and S. H. Lee, "A Reference Model for Software Quality Certification," KIISE, Vol.28, No.2, pp.526-528, 2001.
8 J. M. Voas, "Certification: Reducing the Hidden Costs of Poor Quality," IEEE Software, Vol.16, No.4, pp.22-25, 1999.
9 http://ko.wikipedia.org/wiki/ISO/IEC_27001, 2013.
10 NIPA, "Quality Certification of SW Process," 2011.
11 J. M. Lee, "Investigation in Evaluation Matrix for Security Software Product," KIISE, Vol.33, No.2, pp.427-432, 2006.
12 C. D. Cho, "Effectiveness Proof through Case Studies of Software Process Quality Certification Standards," Master's Thesis, ChungAng University Graduate School, 2011.
13 ISO/IEC 27001, "Information Technology - Security Techniques - Information Security Management Systems - Requirements," 2005.