G.H.R. Caceres and Y. Teshigawara (Japan)
Knowledge base, ISO/IEC 15408, ISO/IEC 15446, Threat
Model, Web Application, Security Audit, Security Target.
Many international standards exist in the IT security field.
This research is based on ISO/IEC 15408, ISO/IEC 15446,
ISO/IEC 13335, ISO/IEC 17799 and ISO/IEC TR 19791.
This paper proposes a security policy making model that is
flexible and adaptable to users’ environments, to defend them
against the threats of the information system environment by
creating a safe networking environment. This proposed
model allows a user to select the appropriate policy
agilely and effectively according to the user’s
environment. In addition, to identify the threats of
the IT environment, we use a Threat Model based
on ISO/IEC 15446 and ISO/IEC 13335. Each of the
identified threats to security is addressed by one or more
security policies based on IT products evaluated by Common
Criteria (CC) and on ISO/IEC 17799. At the same time, this model
allows the user to select the appropriate IT products evaluated by
CC or, in the future, operational
systems evaluated by ISO/IEC 19791.