At the first stage of the Common Criteria process for evaluating the security of information systems, organizational objectives for information security are translated into the specification of all relevant security functions of a prospective system. These specifications are then assessed to specify the subset to be implemented, and further evaluated. The second stage involves risk analysis or related technologies, and the evaluation phase is the major contribution of the Common Criteria. The derivation of security function specifications from security objectives is the area where further research is needed to provide pragmatic tools for supporting the task. This paper describes a mechanism, harmonization of information security requirements, that aids in this process.
CITATION STYLE
Leiwo, J. (1999). A mechanism for deriving specifications of security functions in the cc framework. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1677, pp. 416–425). Springer Verlag. https://doi.org/10.1007/3-540-48309-8_39