A structured comparison of security standards


Abstract

A number of different security standards exist, and it is difficult to choose the right one for a particular project, or to evaluate whether the right standard was chosen for a certification. These standards are often long and complex texts whose reading and understanding take up a lot of time. We provide a conceptual model for security standards that relies upon existing research and contains the concepts and phases of security standards. In addition, we developed a template based upon this model, which can be instantiated for a given security standard. These instantiated templates can be compared and help software and security engineers to understand the differences between security standards. In particular, the instantiated templates explain which information, and at what level of detail, a system document written according to a certain security standard contains. We applied our method to the well-known international security standards ISO 27001 and Common Criteria, as well as to the German IT-Grundschutz standards.

Citation (APA)

Beckers, K., Côté, I., Fenz, S., Hatebur, D., & Heisel, M. (2014). A structured comparison of security standards. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8431, 1–34. https://doi.org/10.1007/978-3-319-07452-8_1
