Implementing information security best practices on software lifecycle processes: The ISO/IEC 15504 Security Extension
2014; Elsevier BV; Volume: 48; Language: English
DOI: 10.1016/j.cose.2014.09.003
ISSN: 1872-6208
Authors: Antoni‐Lluís Mesquida, Antònia Mas
Topic(s): Software Engineering Techniques and Practices
Abstract: The ISO/IEC 15504 international standard can be aligned with the ISO/IEC 27000 information security management framework. In the course of this research, all the existing relations between the ISO/IEC 15504-5 software development base practices and the ISO/IEC 27002 security controls were analysed, and the ISO/IEC 15504 Security Extension was developed on that basis. The extension details the changes that software companies should make to their software lifecycle processes in order to implement the related security controls successfully. To attain the research objectives, the ISO/IEC 15504 Security Extension was evaluated through case studies in a sample of software development organizations. The study follows the design science research paradigm, which is based on constructive research.