Into the Security Dilemma
Related papers
An Approach for Software Security Evaluation Based on ISO/IEC 15408 in the ISMS Implementation
Security software is focused on identifying potential hazards and can have a negative impact on the software and also damage the whole system. If risks are identified early in the software engineering process, software design problems are detected, and the potential hazards are eliminated or controlled. The value of the investment in hardware components and software programs, the value of data organization, individual data values, threats, and computer crimes are the main reasons to understand the importance of security and why security measures are necessary. Since the systems are under constant threat and, on the other hand, absolute security cannot be seen, it is obvious that whenever there is a security problem of the advancement of technology. Hence, in order to raise the level of security in the software, security assessments should be considered at all stages of the development of software products. In this paper, we tried to evaluate the security of all the activities of the Software Development Life Cycle (SDLC) based on the third part of ISO/IEC 15408, to increase the level of security in the SDLC. In fact, using this standard, the adoption of security activities in order to assess the life cycle activities is proposed. Continued research in applying the principles of ISMS, security assessment activities have improved with exposure in the PDCA cycle, thus the complete security evaluation of the life cycle of software development activities will be carried out. Therefore, the goal is to create a method based on the principles of safety engineering that represents the evaluation of the activities involved in the SDLC under the Common Criteria standard. Since the guidelines of the standards ISO/IEC 12207, ISO/IEC 15408 and ISO/IEC 27034 are used, this approach is quite flexible and adaptable to changing technology, organizational structure, changing business objectives and organization security policy changes. https://sites.google.com/site/ijcsis/
Issues of Implementation of CMMI in Pakistan Software Industry
International Journal of Innovation and Applied Studies, 2014
The Pakistan software industry, despite having potential, has failed to progress well enough to capture a fair amount of international market share. Due to poor quality practices and a lack of standardized practices, the Pakistan software industry is ranked as tier-3 in the taxonomy of software exporting nations. Software Process Improvement (SPI) practices can play their part in overcoming the problems of the Pakistan software industry, but we also suffer in the implementation of these standard practices. The core aim of this study is to identify the main barriers to Software Process Improvement (SPI) best practices in terms of the CMMI model in Pakistan. Pakistan-based software development organizations struggle with the implementation of software process areas due to many factors.
An Exploratory Study on Secure Software Practices Among Software Practitioners in Malaysia
Journal of Telecommunication, Electronic and Computer Engineering, 2016
The rapid growth of computers, mobile phones and Internet technology has created ways for irresponsible people to undertake computer crimes. Millions of users across the globe have fallen victim to computer crimes, including in Malaysia. This is due to the current software environment, which is more complex, distributed, keeps confidential data and is easily exposed to malicious attacks. Consequently, the secure software process is increasingly gaining importance among software practitioners and researchers. However, even though its importance has been revealed, only a few studies have been conducted regarding its current practice in the software industry, especially in Malaysia. Thus, an exploratory study is conducted among software practitioners in Malaysia to study their experiences and practices on the secure software process in real-world projects. This paper discusses the findings from the study, which involved 93 software practitioners. A structured questionnaire is utilized for data collec...
Computer Aided IT Security Development
The paper deals with the improvements of the IT product or system development process. The computer support for IT security development process makes it more effective. CCMODE provides the computer supported project management environment for security-related projects. The paper discusses the project motivation, assumptions, results and their validation.
Information Security Management (ISM)
Research Papers Faculty of Materials Science and Technology Slovak University of Technology, 2012
Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.
CASSIS - Computer-based academy for security and safety in information systems
Proceedings - Second International Conference on Availability, Reliability and Security (ARES), 2007
Information technologies and society are highly interwoven nowadays, but in both the private and business sectors, users are often not aware of security issues or lack proper security skills. The branch of information technology security is growing constantly, but attacks against the vocational sector as well as the personal sector still cause great losses each day. Considering that the end-user is the weakest link of the security chain, we aim to raise awareness regarding IT security, and to train and educate IT security skills by establishing a European-wide initiative and framework.