Evaluation model for computer security software products based on ISO/IEC 15408 Common Criteria

Authors

  • José Alejandro Chamorro López Password Consulting Services, Cali
  • Francisco Pino Grupo de I&D en Ingeniería del Software Universidad del Cauca, Popayán

DOI:

https://doi.org/10.18046/syt.v9i19.1095

Keywords:

Assessment model, Common Criteria, performance, levels, TOE, ST

Abstract

This article presents a model that enables software developers to evaluate their products under the ISO / IEC 15408 Common Criteria, starting with a risk analysis to several companies in Colombia, selected by the obligations to comply in the level of security law information, with an unfavorable outcome that demonstrate the need to implement the standard. From these results we developed a model, which achieves software conceptualized in a TOE (Target of evaluation) which corresponds to an ICT (Information and Communications), and evaluated according to a ST (Secure Target) Common Criteria portal officer, under the functions and required levels in order to identify shortcomings in compliance and safety recommendations for improvement.

Author Biographies

  • José Alejandro Chamorro López, Password Consulting Services, Cali
    Bio Statement is available in Spanish
  • Francisco Pino, Grupo de I&D en Ingeniería del Software Universidad del Cauca, Popayán
    Bio Statement is available in Spanish

Downloads

Published

2011-12-04

Issue

Vol. 9 No. 19 (2011)

Section

Original Research

License

This journal is licensed under the terms of the CC BY 4.0 licence (https://creativecommons.org/licenses/by/4.0/legalcode).