Software Security Supplementation Guide Line Based on ISO 27001 for the SP Certified Organization

SP 인증 조직의 소프트웨어 보안 향상을 위한 ISO 27001 적용방안 연구

  • Received : 2014.09.29
  • Accepted : 2014.10.15
  • Published : 2014.11.30

Abstract

The SP quality assessment offered by the National IT Industry Promotion Agency of Korea (NIPA) evaluates the capability of an organization's software development process, and it is becoming widespread across the nation. However, the SP quality assessment does not address security attributes. In this paper, a new security process based on ISO 27001 is proposed for organizations that have already passed the SP quality assessment. This process can detect factors that threaten security and gives the organization an opportunity to guard against them. Furthermore, since the detected security weaknesses can be used as a measurement, the system can be managed with respect to its security attributes.

The SP quality certification provided by the National IT Industry Promotion Agency of Korea (NIPA) is a scheme that evaluates and certifies the capability of a software development process. SP quality certification is a certification model developed in Korea and is spreading nationwide. Although security has recently become an issue, SP quality certification does not define a separate process for security attributes. This paper proposes a new security process based on ISO 27001 to improve the security of companies and organizations that have obtained SP quality certification. The proposed process makes it possible to detect security threat factors and provides an opportunity to respond to them. Furthermore, because the detected security weaknesses can be used as a security metric, the system can be managed from a security perspective.
