- Article name
- THEORETICAL ASPECTS OF INFORMATION SECURITY CERTIFICATION
- Authors
- Sheremet I. A., sheremet_ia@aprf.gov.ru, Military-Industrial Commission of the Government of Russia, Moscow, Russia
- Markov A. S., mail@cnpo.ru, JSC "NPO "Echelon", Moscow, Russia
- Keywords
- information security / data protection / technical regulations / conformity assessment / compliance assessment / performance / efficiency / IT product / paradigm / risk-based approach / directive approach / purposeful process / operation security
- Year
- 2015, Issue 4, Pages 7-15
- Abstract
- Theoretical questions of information security compliance assessment are considered. The terminological basis for information security certification is briefly presented. It is proposed to treat certification as a purposeful process (operation) whose effectiveness is measured by indicators of the security of the evaluation object and the programming environment. The directive and risk-oriented paradigms of information security certification are considered. The consistency of the risk-oriented paradigm of certification from the viewpoint of its effectiveness is proved. The characteristic features of a promising paradigm for information security certification are formulated. The features of software security testing methods are reviewed. Some ways to ensure the completeness of test results using current registers of defects and security vulnerabilities, as well as the Common Criteria methodology, are shown. Brief statistics from testing the proposed approaches are given.