Title: CC-Case Based on System Development Life-Cycle Process

Year of Publication: March - 2014
Page Numbers: 29-35
Authors: Tomoko Kaneko, Shuichiro Yamamoto, Hidehiko Tanaka
Conference Name: The International Conference on Computer Security and Digital Investigation (ComSec2014) - Malaysia


Secure system design faces many risks, such as information leakage and denial of service. We propose a method named CC-Case to describe security assurance cases based on security structures and threat analysis. CC-Case uses Common Criteria (ISO/IEC 15408) and Assurance Case (ISO/IEC 15026 Part 2). While the scope of CC-Case mainly focuses on the requirement stage, CC-Case can handle the life-cycle process of system design, which contains the requirement, design, implementation, test, and maintenance stages. Risks in system development are categorized into 3 types: customer agreement risk, business continuity risk, and system risk. The life-cycle process of CC-Case strengthens the treatment of system risk and business continuity risk through life-cycle support.