A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems

Abstract

An intrinsic difficulty in ensuring security of information systems is that assailants (crackers) are active persons who can get knowledge and skills day after day and then continuously attack target information systems always with new techniques. Therefore, designers, developers, users, and maintainers of information systems with high security requirements need continuous supports for their tasks to protect the systems from assailants. However, until now, there is no systematic methodology proposed for this purpose. Based on our consideration that the continuous supports for system designers, developers, users, and maintainers only can be provided by a standard, formal, and consistent methodology, this paper proposes the new concept of security engineering environment and presents a real security engineering environment we are developing based on ISO/IEC information security standards in order to provide designers, developers, users, and maintainers with standard, formal, and consistent supports for design, development, operation, and maintenance of information systems with high security requirements.