ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

CC-Case B ased on System Development Life-Cycle Process

Proceeding: The International Conference on Computer Security and Digital Investigation (ComSec)

Publication Date:

Authors : ; ; ;

Page : 29-35

Keywords : Assurance Case; CC; GSN; ISO/IEC15026; ISO/IEC 15408; Risk Management; Security assurance;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

Secure system d esign faces many risks such as information leakage and denial of service. We propose a method named CC-Case to describe security assurance cases based on the security structures and thereat analysis. CC-Case uses Common Criteria (ISO/IEC15408) and Assurance Case (ISO/IEC15026 part2). While the scope of CC-Case mainly focuses to the requirement stage, CC-Case can handle the life-cycle process of system design, which contains the requirement, design, implementation, test and the maintenance stages. Risks in system development are categorized 3 types: Customer agreement risk, Business continuity risk, and System risk. The life-cycle process of CC-Case strengthens the treatment for system risk and business continuity risk by life-cycle support.

Last modified: 2014-03-26 22:59:18