ISO/IEC 21827-2002 信息技术.系统安全技术.权限完成模型(SSE-CMM)
作者:标准资料网
时间:2024-05-06 09:47:49
浏览:9168
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:Informationtechnology-SystemsSecurityEngineering-CapabilityMaturityModel(SSE-CMM?)
【原文标准名称】:信息技术.系统安全技术.权限完成模型(SSE-CMM)
【标准号】:ISO/IEC21827-2002
【标准状态】:作废
【国别】:国际
【发布日期】:2002-10
【实施或试行日期】:
【发布单位】:国际标准化组织(ISO)
【起草单位】:ISO/IECJTC1
【标准类型】:()
【标准水平】:()
【中文主题词】:数据传送;提供者;计算机软件;数据安全;定义;安全;数据处理;安全工程;信息交换;电信;信息技术;数据保护
【英文主题词】:Computersoftware;Dataprocessing;Dataprotection;Datasecurity;Datatransfer;Definition;Definitions;Informationinterchange;Informationtechnology;Providers;Safety;Safetyengineering;Telecommunications
【摘要】:TheSSE-CMMRisaprocessreferencemodel.ItisfocussedupontherequirementsforimplementingsecurityinasystemorseriesofrelatedsystemsthataretheITSdomain.WithintheITSdomaintheSSE-CMMRModelisfocussedontheprocessesusedtoachieveITS,mostspecificallyonthematurityofthoseprocesses.ThereisnointentwithintheSSE-CMMRModeltodictateaspecificprocesstobeusedbyanorganization,letaloneaspecificmethodology.RathertheintentisthattheorganizationmakinguseoftheSSE-CMMRModelshoulduseitsexistingprocesses,bethoseprocessesbaseduponanyotherITSguidancedocument.Thescopeencompasses:·thesystemsecurityengineeringactivitiesforasecureproductoratrustedsystemaddressingthecompletelifecydeof:conceptdefinition,requirementsanalysis,design,development,integration,installation,operation,maintenanceendde-commissioning;·requirementsforproductdevelopers,securesystemsdevelopersandintegrators,organizationsthatprovidecomputersecurityservicesandcomputersecurityengineering;·appliestoalltypesandsizesofsecurityengineeringorganizationsfromcommercialtogovernmentandtheacademe.WhiletheSSE-CMMRisadistinctmodeltoimproveandassesssecurityengineeringcapability,thisshouldnotimplythatsecurityengineeringshouldbepractisedinisolationfromotherengineeringdisciplines.Onthecontrary,theSSE-CMMRpromotessuchintegration,takingtheviewthatsecurityispervasiveacrossallengineeringdisciplines(e.g.,systems,softwareandhardware)anddefiningcomponentsofthemodeltoaddresssuchconcerns.TheCommonFeature"CoordinateSecurityPractices"recognizestheneedtointegratesecuritywithalldisciplinesandgroupsinvolvedonaprojectorwithinanorganization.Similarly,theProcessArea"CoordinateSecurity"definestheobjectivesandmechanismstobeusedincoordinatingthesecurityengineeringactivities.ThisInternationalStandardhasarelationshiptoTR15504,particularlypart2,asbothareconcernedwithprocessimprovementandcapabilitymaturityassessment.However,TR15504isspecificallyfocussedonsoftwareprocesses,whereastheSSE-CMMisfocussedonsecurity.ThisInternationalStandardhasacloserrelationshipwiththenewversionsof15504,particularlyCD15504-2,andiscompatiblewithitsapproachesandrequirements.
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:123P;A4
【正文语种】:英语
【原文标准名称】:信息技术.系统安全技术.权限完成模型(SSE-CMM)
【标准号】:ISO/IEC21827-2002
【标准状态】:作废
【国别】:国际
【发布日期】:2002-10
【实施或试行日期】:
【发布单位】:国际标准化组织(ISO)
【起草单位】:ISO/IECJTC1
【标准类型】:()
【标准水平】:()
【中文主题词】:数据传送;提供者;计算机软件;数据安全;定义;安全;数据处理;安全工程;信息交换;电信;信息技术;数据保护
【英文主题词】:Computersoftware;Dataprocessing;Dataprotection;Datasecurity;Datatransfer;Definition;Definitions;Informationinterchange;Informationtechnology;Providers;Safety;Safetyengineering;Telecommunications
【摘要】:TheSSE-CMMRisaprocessreferencemodel.ItisfocussedupontherequirementsforimplementingsecurityinasystemorseriesofrelatedsystemsthataretheITSdomain.WithintheITSdomaintheSSE-CMMRModelisfocussedontheprocessesusedtoachieveITS,mostspecificallyonthematurityofthoseprocesses.ThereisnointentwithintheSSE-CMMRModeltodictateaspecificprocesstobeusedbyanorganization,letaloneaspecificmethodology.RathertheintentisthattheorganizationmakinguseoftheSSE-CMMRModelshoulduseitsexistingprocesses,bethoseprocessesbaseduponanyotherITSguidancedocument.Thescopeencompasses:·thesystemsecurityengineeringactivitiesforasecureproductoratrustedsystemaddressingthecompletelifecydeof:conceptdefinition,requirementsanalysis,design,development,integration,installation,operation,maintenanceendde-commissioning;·requirementsforproductdevelopers,securesystemsdevelopersandintegrators,organizationsthatprovidecomputersecurityservicesandcomputersecurityengineering;·appliestoalltypesandsizesofsecurityengineeringorganizationsfromcommercialtogovernmentandtheacademe.WhiletheSSE-CMMRisadistinctmodeltoimproveandassesssecurityengineeringcapability,thisshouldnotimplythatsecurityengineeringshouldbepractisedinisolationfromotherengineeringdisciplines.Onthecontrary,theSSE-CMMRpromotessuchintegration,takingtheviewthatsecurityispervasiveacrossallengineeringdisciplines(e.g.,systems,softwareandhardware)anddefiningcomponentsofthemodeltoaddresssuchconcerns.TheCommonFeature"CoordinateSecurityPractices"recognizestheneedtointegratesecuritywithalldisciplinesandgroupsinvolvedonaprojectorwithinanorganization.Similarly,theProcessArea"CoordinateSecurity"definestheobjectivesandmechanismstobeusedincoordinatingthesecurityengineeringactivities.ThisInternationalStandardhasarelationshiptoTR15504,particularlypart2,asbothareconcernedwithprocessimprovementandcapabilitymaturityassessment.However,TR15504isspecificallyfocussedonsoftwareprocesses,whereastheSSE-CMMisfocussedonsecurity.ThisInternationalStandardhasacloserrelationshipwiththenewversionsof15504,particularlyCD15504-2,andiscompatiblewithitsapproachesandrequirements.
【中国标准分类号】:L70
【国际标准分类号】:35_040
【页数】:123P;A4
【正文语种】:英语
下载地址:
点击此处下载