Term
| What are the four main qualities of Security Standards? |

Definition
| 1. They focus on information security. 2. They are written by committees. 3. They are widely adopted as the basis for program construction. 4. Compliance is openly or tacitly equated with security due diligence by the audit community, i.e. "if you follow the standard, you have security", which is not a good basis for security. |

Term
| Security Standards (systemigram) |

Definition
| They dictate a process that recommends controls that reduce vulnerability. |

Term
| Security Process Standards (three parts) |

Definition
| 1. Wrapper: introduction, audience. 2. Ontology: the set of objects in its domain. 3. Teleology: the steps to implement the process. |

Term
| What is the ontology of a Security Process Standard? |

Definition
| The set of objects in its domain. |

Term
| What is the teleology of a Security Process Standard? |

Definition
| The steps to implement the process. |

Term
| What is a security assurance case? |

Definition
| A structured set of arguments and a corresponding body of evidence to demonstrate that a system satisfies specific claims with respect to its security properties. |