Top

Software Quality Journal

Published in:

27-04-2020

Assessing data cybersecurity using ISO/IEC 25012

Authors: Javier Verdugo, Moisés Rodríguez

Published in: Software Quality Journal | Issue 3/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data cybersecurity by influential legislative institutions. Several standards related to security have emerged in recent years, most notably those of the ISO/IEC 27000 series. They are, however, focused on management systems and security infrastructure and ignore the security of the data itself. Other standards related to data quality, such as ISO 8000, also fail to address data security in depth. This paper, therefore, proposes a framework for the evaluation of data cybersecurity, consisting of a quality model, an evaluation process, and a tool for the visualization of the assessment results. This evaluation framework has been employed as the basis for a data cybersecurity certification scheme, which complements other certifiable standards related to data and security, such as ISO/IEC 27001 and ISO 8000. This work additionally presents the results of a pilot project in which the data cybersecurity of a commercial product was evaluated. The results of this pilot application allowed us to validate the feasibility of the evaluation framework defined.

previous article Data-driven and tool-supported elicitation of quality requirements in agile companies

next article Integrating security and privacy in software development

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

ASCSM 1.0: Automated Source Code CISQ Security Measure. Object Management Group (2016).

Carretero, A. G., Gualo, F., Caballero, I., & Piattini, M. (2017). MAMD 2.0: Environment for data quality processes implantation based on ISO 8000-6X and ISO/IEC 33000. Computer Standards and Interfaces, 54, 139–151.CrossRef

European Comission website, https://ec.europa.eu/commission/news/cybersecurity-act-2018-dec-11_en, last accessed 2019/10/09.

European Union law website, https://eur-lex.europa.eu/eli/reg/2016/679/oj, last accessed 2019/10/09.

ISO/IEC 14598-1: Information technology -- Software product evaluation -- Part 1: General overview. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (1999).

ISO/IEC 25000: Systems and software engineering -- Systems and software Quality Requirements and Evaluation (SQuaRE) -- Guide to SQuaRE. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2014).

ISO/IEC 25010: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- System and software quality models. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2011).

ISO/IEC 25012: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Data Quality Model. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2008).

ISO/IEC 25020: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Measurement reference model and guide. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2007).

ISO/IEC 25022: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Measurement of quality in use. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2016).

ISO/IEC 25023: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Measurement of system and software product quality. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2016).

ISO/IEC 25024: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Measurement of data quality. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2015).

ISO/IEC 25040: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) --Evaluation process. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2011).

ISO/IEC 25041: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) --Evaluation guide for developers, acquirers and independent evaluators. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2012).

ISO/IEC 25051: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) --Requirements for quality of Ready to Use Software Product (RUSP) and instructions for testing. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2014).

ISO/IEC 27000: Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. International Organization for Standardization / ISO/IEC JTC 1/SC 27 Information Security, cybersecurity and privacy protection (2018).

ISO/IEC 9126-1: Software engineering -- Product quality -- Part 1: Quality model. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2001).

ISO/IEC TS 25011: Software Engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Service quality models. International Organization for Standardization / ISO/IEC JTC 1/SC 7 Software and systems engineering (2017).

ISO/TS 8000-60: Data Quality -- Part 60: Data Quality Management: Overview. International Organization for Standardization / TC 184/SC 4 Industrial data (2017).

Rivas, B., Merino, J., Caballero, I., Serrano, M. A., & Piattini, M. (2017). Towards a service architecture for master data exchange based on ISO 8000 with support to process large datasets. Computer Standards and Interfaces, 54, 94–104.CrossRef

Rodríguez, M., & Piattini, M. (2015). Fernandez, C. M.:A hard look at software quality: Pilot program uses ISO/IEC 25000 family to evaluate, improve and certify software products. Quality Progress, 48, 30–36.

Rodríguez, M., Oviedo, J. R., & Piattini, M. (2016). Evaluation of Software Product Functional Suitability: A Case Study. Software Quality Professional, 18(3), 18–29.

Rodríguez, M., Piattini, M., & Ebert, C. (2019). Software verification and validation technologies and tools. IEEE Software, 36(2), 13–24.CrossRef

World Economic Forum, https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/, last accessed 2019/10/09.

Zubrow, D. (2004). Measuring software product quality: The ISO 25000 series and CMMI. SEI.

Title: Assessing data cybersecurity using ISO/IEC 25012
Authors: Javier Verdugo
Moisés Rodríguez
Publication date: 27-04-2020
Publisher: Springer US
Published in: Software Quality Journal / Issue 3/2020
Print ISSN: 0963-9314
Electronic ISSN: 1573-1367
DOI: https://doi.org/10.1007/s11219-019-09494-x

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Other articles of this Issue 3/2020

Testing adaptation policies for software components

HSACMA: a hierarchical scalable adaptive cloud monitoring architecture

Guest Editorial: Special issue on quality of adaptive software systems

Measuring data credibility and medical coding: a case study using a nationwide Portuguese inpatient database

A preliminary analysis of self-adaptive systems according to different issues

Special issue on quality management for information systems

Premium Partner