Proposal of a Security Policy Making based on Multiple International Standards

G.H.R. Caceres and Y. Teshigawara (Japan)


Knowledge base, ISO/IEC 15408, ISO/IEC 15446, Threat Model, Web Application, Security Audit, Security Target.


Many international standards exist in the IT security field. This research is based on ISO/IEC 15408, ISO/IEC 15446, ISO/IEC 13335, ISO/IEC 17799 and ISO/IEC TR 19791. This paper proposes a security policy-making method that is flexible and adaptable to users' environments, defending them against the threats of the information system environment by creating a safe networking environment. The proposed model allows a user to select the appropriate policy agilely and effectively according to the user's environment. In addition, in order to identify the threats of the IT environment, we use a Threat Model based on ISO/IEC 15446 and ISO/IEC 13335. Each identified security threat is addressed by one or more security policies, based on IT products evaluated under the Common Criteria (CC) and on ISO/IEC 17799. At the same time, this model allows the user to select the appropriate IT products evaluated under CC or, in the future, operational systems evaluated under ISO/IEC TR 19791.