By Topic

A CC-based security engineering process evaluation model

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Jongsook Lee ; Dept. of Comput. Sci. & Eng., Ewha Woman''s Univ., Seoul, South Korea ; Jieun Lee ; Seunghee Lee ; Byoungju Choi

Common criteria (CC) provides only the standard for evaluating information security product or system, namely target of evaluation (TOE). On the other hand, SSE-CMM provides the standard for security engineering process evaluation. Based on the CC, TOE's security quality may be assured, but its advantage is that the development process is neglected. SSE-CMM seems to assure the quality of TOE developed in an organization equipped with security engineering process, but the TOE developed in such environment cannot avoid CC-based security assurance evaluation. We propose an effective method of integrating two evaluation methods, CC and SSE-CMM, and develop CC-based assurance evaluation model, CC_SSE-CMM. CC_SSE-CMM presents the specific and realistically operable organizational security process maturity assessment and CC evaluation model.

Published in:

Computer Software and Applications Conference, 2003. COMPSAC 2003. Proceedings. 27th Annual International

Date of Conference:

3-6 Nov. 2003