A comparison of the Common Criteria with proposals of information systems security requirements

Abstract

Nowadays, security solutions are focused mainly on providing security defences; instead of solving one of the main reasons for security problems that refers to appropriate information systems (IS) design. Fortunately there are several standards, like the Common Criteria, which help to deal with the security requirements along all the IS development cycle. In this paper a comparative analysis of eight different relevant technical proposals, which place great importance on the establishing of security requirements in the development of IS, is carried out. And they provide some significant contributions in aspects related to security. Nevertheless, they only satisfy partly the necessary criteria for the establishment of security requirements, with guarantees and integration in the development of IS. Thus we conclude that they are not specific enough for dealing with security requirements in the first stages of IS development in a systematic and intuitive way.