Standards Conformity Framework in Comparison with Contemporary Methods Supporting Standards Application
Related papers
SCF — A framework supporting achieving and assessing conformity with standards
Computer Standards & Interfaces, 2011
The Standards Conformity Framework (SCF) presented in this paper encompasses methods and tools which provide support for the application of standards and other normative documents. The approach taken focuses on the development, assessment and maintenance of an electronic document which demonstrates conformity. Such a document contains an argument structure developed in accordance with the Trust-IT methodology. The paper discusses details of the SCF approach, provides the definition of SCF application processes, presents a developed software tool which supports the method, and reports on the experience collected in numerous projects in which the framework was applied.
Supporting Compliance with Security Standards by Trust Case Templates
2nd International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX '07), 2007
Trust Cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One of the possible applications of trust cases is related to the processes of achieving and demonstrating compliance with standards. A Trust Case Template derived from a given standard constitutes a skeleton of the justification (encompassing evidence and argumentation) of compliance with the standard. The article explains the notion of trust case templates and provides some details on the template development process and a generic procedure of template application. The applicability of the proposed approach is demonstrated by referring to the results of a case study of evaluating an example (real) system against the BS 7799 security management standard.
A security standards' framework to facilitate best practices' awareness and conformity
Information Management & Computer Security, 2010
Purpose - Recent information security surveys indicate that both the acceptance of international standards and the related certifications increase continuously. However, it is noted that the majority of organizations still do not know the dominant security standards or do not fully implement them. The aim of this paper is to facilitate the awareness of information security practitioners regarding globally known and accepted security standards, and thus contribute to their adoption. Design/methodology/approach - The paper adopts a conceptual approach and results in a classification framework for categorizing available information security standards. The classification framework is built in four layers of abstraction, where the initial layer is founded on the ISO/IEC 27001:2005 information security management system. Findings - The paper presents a framework for conceptualizing, categorizing and interconnecting available information security standards dynamically.
1999
Software engineering standards determine practices that "compliant" software processes shall follow. Standards generally define practices in terms of constraints that must hold for documents. The document types identified by standards include typical development products, such as user requirements, and also process-oriented documents, such as progress reviews and management reports. The degree of standards compliance can be established by checking these documents against the constraints.
A Framework to Support the Harmonization between Multiple Models and Standards
It is currently possible to observe that, in order to deal with the issue of quality, a variety of models, standards and methodologies have been developed to provide support in different domains of the IT industry. The implementation and institutionalization of these approaches allow organizations to improve, mature, acquire and institutionalize best practices and management systems, and the multiple problems and needs of many dimensions and organizational hierarchies are therefore resolved through the use of multiple approaches, such as COBIT, CMMI, ISO 9001, Risk IT, Val IT, ITIL, ISO 20000, ISO 90003, ISO 12207, ISO 27001, and so forth. The great diversity and heterogeneity of the models and standards that are available provide organizations with a positive environment which enables them to choose different solutions to various problems and needs such as: Information Security Management Systems (ISMS), Information Technology Governance Processes (IT Governance), development proc...
Standards Management in the Twenty-First Century
International Journal of Standardization Research, 2016
The history of modern standards development provides support for the argument that the process of standardization has evolved in response to crises and opportunities. In the information and communication technologies (ICT) sector, many new groups have become involved in standards setting. In a period of rapid change, standards development in these areas has focused primarily on the provision of functionality. That is, there are few overarching roadmaps for development, and issues such as security and interoperability are of less concern for many of the new standards developers. In addition, new oversight structures have emerged that appear to be more responsive to the particular needs of developers in the ICT arena. It may be important for nation states to consider assisting in roadmap development in the ICT arena to ensure security and privacy issues are addressed such that these increasingly essential systems are less vulnerable.
Security Standard Compliance Verification in System of Systems
IEEE Systems Journal
Standard compliance in a system of systems (SoS) means complying with standards, laws, and regulations that apply to services from several sources and at different levels. Compliance is a major challenge in many organizations because any violation can lead to financial penalties, lawsuit fines, or revocation of licenses to operate within a specific industrial market. To support the business lifecycle, organizations also need to monitor the actual processes at run time and not only at design time. Standard compliance verification is important in the lifecycle for reasons such as detection of noncompliance as well as operational decisions about running processes. With the increasing connectivity of systems, existing and new security standards can be employed, but there are important aspects, such as technically measurable indicators in the standards and automation of compliance verification, that need to be addressed. This article presents an automated and continuous standard compliance verification framework used to check devices, systems, and services for standard compliance during secure onboarding and at run time. In addition, a case study for the Eclipse Arrowhead framework is used to demonstrate the functionality of the standard compliance verification in an SoS.
Standard Compliance Framework for Effective Requirements Communication
2007
The Standard Compliance Framework (SCF) is a framework which supports the application of standards at the stages of achieving, assessing and maintaining compliance. It uses the Trust Case language to develop argument structures demonstrating compliance with standards. The paper presents how SCF is applied to increase the effectiveness of requirements communication.
Standard Making: A Critical Research Frontier for Information Systems Research
MIS Quarterly, 2006
Standards have played an important role in the evolution of information and communication technology (ICT). ICTs are defined here as technologies dedicated to information processing, involving the use of digital computers and software to convert, store, protect, process, transmit, and retrieve information (Wikipedia 2005). These technologies, in general, establish the technological infrastructure upon which information systems and applications are built.