
2017 | Original Paper | Book chapter

Using the ISO/IEC 27034 as Reference to Develop an Application Security Control Library

Authors: Alexssander A. Siqueira, Sheila Reinehr, Andreia Malucelli

Published in: Systems, Software and Services Process Improvement

Publisher: Springer International Publishing


Abstract

Secure software development allows solutions to be developed with information security aspects included in the project's scope, preventing malicious users from attacking the system's vulnerabilities. For this, security controls must be integrated into the application's solution design. The ISO/IEC 27034 standard provides the guidance necessary for developing application security in any interested organization. An important concept of the standard is the Application Security Control (ASC) Library, which can provide a central repository of security control specifications and designs. The ASC Library can support the secure development of the organization's projects by considering their main characteristics and providing the necessary security control references. This work reports an action-research study conducted in an international bank that adopted the ASC Library concept after reviewing its previous application security risk assessments and identifying several missing security controls. The main contribution of this work is a process to identify, specify and document the organization's security controls based on the ASC Library concept.


Metadata

Title: Using the ISO/IEC 27034 as Reference to Develop an Application Security Control Library

Authors: Alexssander A. Siqueira, Sheila Reinehr, Andreia Malucelli

Copyright year: 2017

DOI: https://doi.org/10.1007/978-3-319-64218-5_46
