E-Security & Software Standards

The generic security requirements needed in the areas of information and network security consist of the following interrelated characteristics: information availability, integrity of the information, and confidentiality of the information. Different international organizations related to security standards (such as OECD and CERT) recommend that the information and software security should be considered for a company as a whole. Specifically, the company staff, the processes and technologies related to each other and how they interact, the company management and corporate governance, the company culture and its technology support - all of them can bring vulnerabilities for the information maintained by the company. In the absence of world-wide accepted standards for information systems security, this book edition covers several security aspects for electronic communication and IT software, such as: security aspects of data on electronic media and computers, security aspects of data transmission systems, and security aspects of the information infrastructure in the presence of special categories of interception activities (attacks).

This edition comprises four sections, explained as follows.

Section 1 focuses on Database and Information Systems Security, describing web and database security, effective database system for information risk mitigation, challenges in building trusted information systems, modern technologies used for security of software applications, and the theory of unfaithful information.

Section 2 focuses on Standards for Digital services, describing services for digital citizen, theoretical framework for the adoption of biometrics in m-government applications, ISO/IEC 27000, 27001 and 27002 for information security management, and security enhancements in various e-mail systems.

Section 3 focuses on Information Availability approaches and it describes the most important attributes of the information security, web security and log management, control framework for secure cloud computing, and a conceptual framework for threat assessment.

Section 4 focuses on Software Standards and it describes the proposed modifications to ISO/IEC 25030 standard for software engineering, software quality and evaluation, the ISO 19761 COSMIC measurement standard to reduce `information asymmetry’, software architecture and methodology as a tool for efficient software engineering, comparative analysis between BPMN and SPEM modeling standards in the software processes and a quality assurance model for airborne safety-critical software.