ISO/IEC 21827

More documents

Recommendations

Info

ISO/IEC 21827:2002(E) Bibliography This bibliography includes references within the document and also other documents related to the subject area. The bibliography includes references in the following subject areas: • Security Engineering; • Security Engineering Process Areas; • Systems/Software Engineering; • Systems/Software Process; • Capability Maturity Model®s. Security Engineering References: BAUER91 Bauer, R.K., Sachs, J., Weidner, M.L., Wilson, W.F., "A Framework for Developing Accreditable MLS AISs," Proceedings of the 14th National Computer Security Conference, October 1-4, 1991. BENZEL89 Benzel, T. C. V., "Integrating Security Requirements and Software Development Standards," Proceedings of the 12th National Computer Security Conference, 10-13 October 1989. CCEB96Common Criteria Editorial Board, "Common Criteria for Information Technology Security Evaluation," Version 1.0, January 31, 1996. CTCPEC93 Canadian Systems Security Centre, Communications Security Establishment, Government of Canada, "The Canadian Trusted Computer Product Evaluation Criteria," Version 3.0e, January 1993. DAWSON93 Dawson M., Moses T., Maj Fletcher T.J. "A Method for Designing Secure System Architecture." Proceedings, 5th Annual Canadian Computer Security Symposium, 1993. DOD85 Department of Defense, "Department of Defense Trusted Computer System Evaluation Criteria," DOD 5200.28-STD, December 1985. GAMBEL93 Gambel, Daniel; Fowler, Joan, "Composing Trusted Systems Using Evaluated Products," Proceedings of the Fifth Annual Canadian Computer Security Symposium, 1993. HINTON93 Hinton, Heather; Lee, E. Stewart, "Secure Composition Based on Environmental Considerations," Proceedings of the Fifth Annual Canadian Computer Security Symposium, 1993. HOPKINSON95 Hopkinson, J. "Security Architecture Framework," Proceedings of the Seventh Annual Canadian Computer Security Symposium, 1995. HOWE92 Howe, D. "Information System Security Engineering: Cornerstone to the Future," Proceedings of the 15th National Computer Security Conference, Baltimore, MD, Vol. 1, October 15, 1992. pp. 144-251. ISO/IEC 11770-1 International Organization for Standardization, "Information Technology - Security Techniques - Key Management - Part 1: Framework". ISO/IEC 13335 International Organization for Standardization, "Information technology - Guidelines for the management of IT security". (all parts) ISO/IEC 14516 International Organization for Standardization, "Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services". ISO/IEC 15408 International Organization for Standardization, "Information technology - Security techniques - Evaluation criteria for IT security" (common criteria) (all parts). ITSEC91 Information Technology Security Evaluation Criteria, Harmonized Criteria of France-Germany-the Netherlands-the United Kingdom (ITSEC), V1.2, June 1991. ITSEM92 Information Technology Security Evaluation Manual (ITSEM), Draft V0.2, 2 April 1992. JOYNES95 Joynes, M. "Architecture Integration with a service view," Proceedings of the Seventh Annual Canadian LONGLEY Computer Security Symposium, 1995. Longley, Dennis; Shain, Michael; Caelli, William, Information Security Dictionary of Concepts, Standards and Terms. MARMOR89 Marmor-Squires, A., Danner, B., McHugh, J., Nagy, L., Sterne, D., Branstad, M., Rougeau, P., "A Risk Driven Process Model for the Development of Trusted Systems," Proceedings of the Fifth Annual Computer Security Applications Conference, December 4-8, 1989. NCSC88National Computer Security Center, "Glossary of Computer Security Terms," 21 October 1988. NIST National Institute of Standards and Technology, "An Introduction to Computer Security: The NIST Handbook". NSA93CNational Security Agency Central Security Service, "Information Systems Security Engineering Handbook," December 17, 1993. NSTISSI92 National Security Telecommunications and Information Systems Security, "National Information Systems Security (INFOSEC) Glossary," NSTISSI No. 4009, June 5, 1992. 120 © ISO/IEC 2002 – All rights reserved
ISO/IEC 21827:2002(E) Security Engineering Process Area References: CSE Communication Security Establishment, "A Framework for Security Risk Management for Information Technology Systems," Ottawa, GOC. CSE95 Communication Security Establishment, "A Guide to Risk Management and Safeguard Selection for Information Technology Systems," Ottawa, GOC, 1995. DOE90 National Institute of Standards and Technology, "Department of Energy Risk Assessment Methodology," NISTIR 4325, May 1990 DOD92b Department of Defense, Strategic Defense Initiative Organization, "Trusted Software Methodology" Volumes 1 & 2, SDI-S-SD-000007, June 17, 1992. DOJ90 National Institute of Standards and Technology, "Department of Justice Simplified Risk Analysis Guidelines," NISTIR 4387, August 1990. KEMMERER83 Kemmerer, R.A., "Shared Resource Matrix Methodology: An approach to Identifying Storage and Timing Channels," ACM Trans. on Computer Sys., Vol 1 No. 3, August 1983. LINDE75 Linde, R.R, "Operating Systems Penetration," AFIPS Conference Proceedings, Vol. 44, 1975 National Computer Conference, AFIPS Press, Arlington VA, 1975. NIST94aNational Institute of Standards and Technology, "A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness," NISTIR 5472, March 21-23, 1994. NIST94bNational Institute of Standards and Technology, "Proceedings Report of the International Invitational Workshop on Developmental Assurance,", NISTIR 5590, June 16-17, 1994. NORVELL89 Norvell, W., "Integration of Security into the Acquisition Life Cycle," Proceedings of the 12th National Computer Security Conference, 10-13 October 1989. NSA93a National Security Agency, "Rating Maintenance Phase Program Document" (DRAFT), Version 2.0, October 1993 NSA93c National Security Agency Central Security Service, "Information Systems Security Engineering Handbook," December 17, 1993. SDI92b GE (for Strategic Defense Initiative Organization), "Trusted Software Key Process Area," Initial Issue, 30 SMITH90 September 1992. Smith, S.T.; Jalbert, M.L., "LAVA/CIS Version 2.0: A Software System for Vulnerability and Risk Assessment," Proceedings of the 13th National Computer Security Conference, Volume II, 1 Oct 1990. WICHERS94 Wichers, D.; Landoll, D., Sachs, J., "What Color is Your Assurance," Proceedings of the 1994 National Computer Security Conference, October 11-14, 1994. Systems/Software Engineering References: BASS91 Bass, Len, and Coutaz, Joelle, Developing Software for the User Interface, 1991, 51046. BROOKS95 Brooks, Frederick P., "The Mythical Man-Month," Essays on Software Engineering, Anniversary Edition, 1995, 83595. CMU95 Carnegie Mellon University / Software Engineering Institute, "The Capability Maturity Model: Guidelinesfor Improving the Software Process," 1995, 54664. GOLDBERG95 Goldberg, Adele, and Rubin, Kenneth S., Succeeding With Objects: Decision Framework for Project Management, 1995, 62878. GOMAA93 Gomaa, Hassan, Software Design Methods for Concurrent and Real-Time Systems, 1993, 52577. GRAHAM93 Graham, Ian, Object-Orientated Methods, Second Edition, 1993, 59371. HUMPHREY95 Humphrey, Watts S., A Discipline for Software Engineering, 1995, 54610. JACOBSON95a Jacobson, Ivar, et al., "The Object Advantage: Business Process Reengineering with Object Technology," ACM Press, 1995, 42289. JACOBSON95b Jacobson, Ivar, et al., "The Object-Orientated Software Engineering," ACM Press, 1995, 42289. LEVESON95 Leveson, Nancy G., Safeware: System Safety and Computers, 1995, 11972. NEUMANN95 Neumann, Peter G., Computer-Related Risks, ACM Press, 1995. SMITH90 Smith, Connie U., Performance Engineering for Software Systems, 1990, 53769. WOODCOCK88 Woodcock, Jim, and Loomes Martin, Software Engineering Mathematics, 1988, 50424. Systems/Software Process References: ANSI87 American Society for Quality Control, "Quality Systems - Model for Quality Assurance in Design/Development, Production, Installation, and Servicing," ANSI/ASQC Q91-1987, 1987. BERARD90 Berard, Edward, V., Motivation for an Object-Oriented Approach to Software Engineering, Berard Software Engineering, Inc., Germantown, Md., April 1990. © ISO/IEC 2002 – All rights reserved 121
Page 1 and 2:
INTERNATIONAL STANDARD ISO/IEC 2182
Page 3 and 4:
ISO/IEC 21827:2002(E) Contents Fore
Page 5 and 6:
© ISO/IEC 2002 - All rights reserv
Page 7 and 8:
ISO/IEC 21827:2002(E) Specific Indu
Page 9 and 10:
INTERNATIONAL STANDARD ISO/IEC 2182
Page 11 and 12:
ISO/IEC 21827:2002(E) 3.11 Baseline
Page 13 and 14:
ISO/IEC 21827:2002(E) 3.36 Validati
Page 15 and 16:
ISO/IEC 21827:2002(E) 5 Structure o
Page 17 and 18:
ISO/IEC 21827:2002(E) • Communica
Page 19 and 20:
ISO/IEC 21827:2002(E) Figure 3 - Se
Page 21 and 22:
ISO/IEC 21827:2002(E) Figure 5 - Th
Page 23 and 24:
ISO/IEC 21827:2002(E) Subsequent co
Page 25 and 26:
ISO/IEC 21827:2002(E) • Level 1,
Page 27 and 28:
ISO/IEC 21827:2002(E) Table 3 - 218
Page 29 and 30:
ISO/IEC 21827:2002(E) of which cont
Page 31 and 32:
ISO/IEC 21827:2002(E) • security
Page 33 and 34:
ISO/IEC 21827:2002(E) 7.2.1.2 Goals
Page 35 and 36:
ISO/IEC 21827:2002(E) 7.2.5.1 Descr
Page 37 and 38:
ISO/IEC 21827:2002(E) information f
Page 39 and 40:
ISO/IEC 21827:2002(E) 7.3.7 BP.03.0
Page 41 and 42:
ISO/IEC 21827:2002(E) 7.4.4.3 Notes
Page 43 and 44:
ISO/IEC 21827:2002(E) of existing s
Page 45 and 46:
ISO/IEC 21827:2002(E) 7.5.5.1 Descr
Page 47 and 48:
ISO/IEC 21827:2002(E) acceptable le
Page 49 and 50:
ISO/IEC 21827:2002(E) 7.7.2 BP.07.0
Page 51 and 52:
ISO/IEC 21827:2002(E) 7.8.1.3 Base
Page 53 and 54:
ISO/IEC 21827:2002(E) response shou
Page 55 and 56:
ISO/IEC 21827:2002(E) 7.9 PA09 - Pr
Page 57 and 58:
ISO/IEC 21827:2002(E) rules and pra
Page 59 and 60:
ISO/IEC 21827:2002(E) 7.10.1.3 Base
Page 61 and 62:
ISO/IEC 21827:2002(E) information f
Page 63 and 64:
ISO/IEC 21827:2002(E) In the intere
Page 65 and 66:
ISO/IEC 21827:2002(E) Annex A (norm
Page 67 and 68:
ISO/IEC 21827:2002(E) A.3.2.1 Commo
Page 69 and 70:
ISO/IEC 21827:2002(E) A.3.2.7.2 Not
Page 71 and 72:
ISO/IEC 21827:2002(E) A.3.5 Common
Page 73 and 74:
ISO/IEC 21827:2002(E) A.4.2.2.3 Rel
Page 75 and 76:
ISO/IEC 21827:2002(E) A.4.4.2.1 Des
Page 77 and 78: ISO/IEC 21827:2002(E) A.5.2.2.2 Not
Page 79 and 80: ISO/IEC 21827:2002(E) A.6.2.2.2 Not
Page 81 and 82: ISO/IEC 21827:2002(E) Annex B (norm
Page 83 and 84: ISO/IEC 21827:2002(E) B.3.2.1 Descr
Page 85 and 86: ISO/IEC 21827:2002(E) parameters;
Page 87 and 88: ISO/IEC 21827:2002(E) B.4.1.5 Proce
Page 91 and 92: ISO/IEC 21827:2002(E) B.5.2.3 Notes
Page 93 and 94: ISO/IEC 21827:2002(E) B.5.7 BP.14.0
Page 95 and 96: ISO/IEC 21827:2002(E) B.6.4.2 Examp
Page 97 and 98: ISO/IEC 21827:2002(E) BP.16.08 BP.1
Page 101 and 102: ISO/IEC 21827:2002(E) B.7.10.2 Exam
Page 103 and 104: ISO/IEC 21827:2002(E) • process a
Page 105 and 106: ISO/IEC 21827:2002(E) B.9.1.2 Summa
Page 107 and 108: ISO/IEC 21827:2002(E) B.9.5.2 Examp
Page 109 and 110: ISO/IEC 21827:2002(E) B.10.4.2 Exam
Page 111 and 112: ISO/IEC 21827:2002(E) B.11.2.1 Desc
Page 113 and 114: ISO/IEC 21827:2002(E) performance.
Page 115 and 116: ISO/IEC 21827:2002(E) B.12.3 BP.21.
Page 117 and 118: ISO/IEC 21827:2002(E) B.12.7 BP.21.
Page 119 and 120: ISO/IEC 21827:2002(E) B.13.2.1 Desc
Page 121 and 122: ISO/IEC 21827:2002(E) • communica
Page 123 and 124: ISO/IEC 21827:2002(E) produce the d
Page 125 and 126: ISO/IEC 21827:2002(E) C.5.2 Organiz
Page 127: ISO/IEC 21827:2002(E) C.5.12 Instit
Page 131 and 132: ISO/IEC 21827:2002(E) GOODENOUGH93B
show all

ISO/IEC 21827

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?