El sitio web de la UCLM utiliza cookies propias y de terceros con fines técnicos y de análisis.Aviso de Cookies
05th May 2020
Our colleagues Javier Verdugo and Moíses Rodríguez have published the article Assessing data cybersecurity using ISO/IEC 25012 in the magazine Software Quality Journal from the publisher SPRINGER.
Data is increasingly important and is considered a company's most valuable asset.
As data is becoming the primary driver of business value, data quality and specifically data security are of paramount importance to businesses.
Several regulations related to cybersecurity have been developed, such as the Democratic People's Republic of Korea Act and the Cybersecurity Act, demonstrating the importance that influential legislative institutions attach to cybersecurity.
A number of security-related standards have emerged in recent years, in particular the ISO/IEC 27000 series. However, they focus on management systems and security infrastructure and ignore the security of the data itself.
Other data quality related standards, such as ISO 8000, do not address data security in depth either.
Therefore, this document proposes a framework for the assessment of cyber data security, consisting of a quality model, an assessment process and a tool for the visualization of the assessment results.
This assessment framework has been used as the basis for a cybersecurity certification scheme, which complements other certifiable data and security-related standards such as ISO/IEC 27001 and ISO 8000.
This work also presents the results of a pilot project in which the cybersecurity of data in a commercial product was assessed. The results of this pilot application allowed us to validate the feasibility of the defined evaluation framework.