Pattern and Security Requirements
Information security management is a challenging topic, due to the difficulty of exhaustively modeling attackers for an entire system and the threats they cause to it. The idea of security standards and their respective certification schemes is an excellent one. Companies can use a security analysis process in a standard and establish a security product, e.g., a secure software or a process for information security. Security standards are based on best practices from industry and agreed upon in respective consortiums. After a security standard is established, a certification body checks the security product for compliance with the standard. The certification body shall either certify the successful efforts with an official document or provide guidance on how to improve their security product to achieve certification. The alternative to a security certification process is to deal with security problems at random points in a system. These isolated efforts can prevent the exploitation of vulnerabilities of several parts of a system, but without a structured and systematic method the security level of the entire organization cannot be determined. Furthermore, inventing an effective process with regard to security not based on best practices or standards is extremely difficult. Not to mention the missing certification option, which includes an outside review of the security analysis. A security standard with a certification infrastructure has the potential to help with these problems effectively.
Kristian Beckers - Personal Name
978-3-319-16663-6
NONE
Pattern and Security Requirements
Information Technology
English
2015
1-489