A STANDARD BEST PRACTICE APPROACH TO ACQUISITION OF SECURE ICT PRODUCTS

DAN SHOEMAKER; NANCY R. MEAD

首页> 外文期刊>EDPACS: The EDP audit, control and security newsletter >A STANDARD BEST PRACTICE APPROACH TO ACQUISITION OF SECURE ICT PRODUCTS

【24h】

A STANDARD BEST PRACTICE APPROACH TO ACQUISITION OF SECURE ICT PRODUCTS

机译：采购安全ICT产品的标准最佳实践方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The activity of purchasing system and software products is a risky one. Without direct insight into how such products are built, how can a customer organization ensure that off-the-shelf products are secure and reliable? In this article, we recommend that customer organizations establish a standard method for acquiring products that helps ensure security. Using ISO 12207-2008 Systems and Software Engineering-Software Lifecycle Processes as a framework, we describe a complete approach that considers risks at every stage of the procurement process. Organizations can use this approach to tailor a repeatable, observable method that can be shared with a supplier. At a time when so many products promise to be faster, cheaper, or better, following a standard method can help those responsible for procuring software ensure the safety and security of their organizations.

机译：购买系统和软件产品的活动是冒险的。如果不直接了解此类产品的制造方式，那么客户组织如何才能确保现成的产品安全可靠？在本文中，我们建议客户组织建立一种获取产品的标准方法，以帮助确保安全性。我们以ISO 12207-2008系统和软件工程-软件生命周期过程为框架，描述了一种在采购过程的每个阶段都考虑风险的完整方法。组织可以使用此方法来定制可重复的，可观察的方法，并与供应商共享。在许多产品承诺更快，更便宜或更优质的时代，遵循一种标准方法可以帮助负责软件采购的人员确保其组织的安全性。

著录项

来源
《EDPACS: The EDP audit, control and security newsletter》 |2014年第6期|共9页
作者
DAN SHOEMAKER; NANCY R. MEAD;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类计算复杂性理论;
关键词

相似文献

外文文献
中文文献
专利

1. A STANDARD BEST PRACTICE APPROACH TO ACQUISITION OF SECURE ICT PRODUCTS [J] . DAN SHOEMAKER, NANCY R. MEAD EDPACS: The EDP audit, control and security newsletter . 2014,第6期

机译：采购安全ICT产品的标准最佳实践方法
2. DISC Securing Business Benefits From ICT Standards [J] . Kemp A. Computing & Control Engineering Journal . 1997,第1期

机译：DISC通过ICT标准确保业务利益
3. Decision Making Concerning the Acquisition and Use of Information and Communication Technology (ICT) in Medical Practices: Do These Differ Between Male and Female General Practitioners (GPs)? [J] . R.C. MacGregor, P.N. Hyland, C. Harvie Journal of information technology research . 2009,第2期

机译：关于在医疗实践中获取和使用信息和通信技术（ICT）的决策：男性和女性全科医生（GPs）是否有所不同？
4. DISC Securing Business Benefit From ICT Standards [C] . Potter, D. . 1997

机译：DISC通过ICT标准确保业务利益
5. Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure [D] . Morsey, Christopher. 2017

机译：监督控制和数据采集（SCADA）系统和网络安全：确保关键基础设施安全的最佳实践
6. An inclusive approach to raising standards in general practice: working with a community of practice in Western Australia [O] . Moyez Jiwa, Kathleen Deas, Jackie Ross, 2009

机译：全面提高标准的包容性方法：与西澳大利亚州的实践社区合作
7. nyk of the Lviv University. Series Law KEYWORDS abuse of authority, abuse of power, abuse of official status, abuse of office acts of the European Union, international legal regulation, employment, right to free movement advocacy, advocate activity, advocacy science, advocatologie, theory of advocacy appeal proceeding, grounds to judgement revision, inconsistency of the court’s findings at first instance with the actual circumstances of the criminal proceedings, cancellation or alteration of the judgment charity organization, founder, assets of charity organization, constituent documents criminal proceedings, subjects of criminal proceedings, the suspect, the suspect law, criminal procedure, international standards employer’s duty, right to the moral injury compensation, social insurance from an industrial accident, social need, labour dispute forms of the legal actions of the collective of employees historical and legal science department, scientific activity law enforcement equipment, individual legal act, the means of forming the content of the enforcement act, requirements for registration of individual legal act attributes (properties) of acts of law legal formula (construction), qualified corpus delicti of a crime, degree of social danger, crime-forming feature legal social community legal technique, technology, legal act, legal system, lawmaking legitimacy, investigation of crime, concept of criminalistics, criminalistics recommendations, tactical methods measures aimed at providing criminal proceedings, procedural sanction, monetary penalty, pre-trial investigation national implementation, forms of implementation, implementation practice, European states, international treaties participant, shareholder, partnership, acquisition, changing, suspension proof, probability, likelihood, credibility in evidence, reliability scientific school, research, development land, agricultural and environmental law, Lviv Scientific School land, agricultural and environmental law the High Council of Justice of Ukraine, the National Council of Justice of the Republic of Poland, judges’ independence, international standards of the judiciary the presumption of the labor legal personality OPEN JOURNAL SYSTEMS Journal Help USER Username Password Remember me Login NOTIFICATIONS View Subscribe LANGUAGE Select LanguageSubmit JOURNAL CONTENT Search Search Scope Search Browse By Issue By Author By Title Other Journals FONT SIZE Make font size smallerMake font size defaultMake font size larger INFORMATION For Readers For Authors For Librarians HOME ABOUT LOGIN REGISTER SEARCH CURRENT ARCHIVES ANNOUNCEMENTS Home > No 67 (2018) > Марін ONCE AGAIN ON THE RETROACTIVE EFFECT OF THE CRIMINAL LAW IN TIME IN THE ASPECT OF INDIRECT CRIMINALIZATION [O] . Oleksandr Marin 2018

机译：LVIV大学的尼克。系列律师关键词滥用权威，滥用权力，滥用官方地位，滥用欧盟办公室行为，国际法律监管，就业，自由运动倡导，倡导活动，倡导科学，倡导性宣传理论，倡导呼吁的理论，理由修改，法院调查结果的不一致事实，判决慈善组织的实际情况，取消或改变判决慈善机构，慈善组织的创始人，慈善机构资产，组成文件刑事诉讼，刑事诉讼主题，嫌疑人，嫌疑法，刑事诉讼，国际标准雇主的责任，道德伤害赔偿权，社会保险从工业事故，社会需求，劳动争端形式的员工历史和法律科学部的法律行为，科学活动执法设备，个人法律法案，制定执法法案的内容，法律法律公式（建设）行为的个人法律法案（属性），犯罪的合格犯罪，社会危险程度，犯罪形成特征法律社会社会法律技术，技术，法律法，法律制度，立法合法性，犯罪调查，犯罪概念，犯罪建议，战术方法旨在提供刑事诉讼，程序制裁，货币罚款，预审调查预审国家实施，执行形式，实施实践，欧洲国家，国际条约参与者，股东，伙伴关系，收购，不断变化，暂停证明，概率，可能性，可信度在证据，可靠性科学学校，研究，开发土地，农业和环境法，利沃科学校园，农业和环境法律议理乌克兰的冰，波兰共和国国家司法委员会，法官的独立，国际标准的司法部门劳动法人的推定开放期刊系统期刊帮助用户用户名密码记住我登录通知查看订阅语言选择lobsumberubmit期刊内容搜索搜索范围搜索按问题浏览作者标题在间接刑事定罪方面，再次对刑法的追溯效应及时

A STANDARD BEST PRACTICE APPROACH TO ACQUISITION OF SECURE ICT PRODUCTS

摘要

著录项

相似文献

相关主题

期刊订阅