A New Model of Software Life Cycle Processes for Consistent Design, Development, Management, and Maintenance of Secure Information Systems

摘要

This paper presented a new model of software life cycle processes for consistent design, development, management, maintenance, and abolition of secure information systems. The model clearly specifies tasks for engineering security facilities, standards underlying the tasks, and a regular sequence of the tasks. We clarified the model by extracting tasks related to security from ISO/TEC 12207 and adding new tasks. We also clarified ISO standards underlying the tasks and a sequence of the tasks. The model can be customized as software life cycle processes for various systems with particular purposes. Users of software life cycle processes according to the model can continuously and consistently design, develop, manage, maintain, and abrogate secure information systems whose security is ensured by ISO standards. We will complete the model by defining detailed activities. A regular sequence of the tasks and ISO standards underlying the tasks should be clarified. There is no ISO standards can be used in software integration, software construction, software disposal, software configuration management, and software problem resolution tasks. We will also investigate other standards for software integration, software construction, software disposal, software configuration management, and software problem resolution tasks. A part of a regular sequence is not based on reliable standards. We should investigate standards that order the tasks.