Supplement of security-related parts of ISO/IEC TR 15504

Sang Ho Kim, Choon Seong Leem, Tai Hoon Kim, Jae Sung Kim

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

ISO/IEC TR 15504, the Software Process Improvement Capability Determination (SPICE), provides a framework for the assessment of software processes. This framework can be used by organizations involved in planning, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of software. However, ISO/IEC TR 15504 gives relatively little consideration to security compared with other considerations. For example, security considerations related to software development and the developer are lacking. In this paper, we propose a process related to security by comparing ISO/IEC TR 15504 to ISO/IEC 21827 and ISO/IEC 15408. The proposed scheme may contribute to improving the security of IT products or systems.

Original language: English
Pages (from-to): 1084-1089
Number of pages: 6
Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2869
Publication status: Published - 2003 Dec 1

Fingerprint

Software engineering
Planning
Monitoring
Software Process Improvement
Software Process
Software Development
Software
Framework

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

@article{34ef12cd672e420d9ade67eeb40bf85d,
title = "Supplement of security-related parts of ISO/IEC TR 15504",
author = "Kim, {Sang Ho} and Leem, {Choon Seong} and Kim, {Tai Hoon} and Kim, {Jae Sung}",
year = "2003",
month = "12",
day = "1",
language = "English",
volume = "2869",
pages = "1084--1089",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}
