Stephan Faßbender

Learn More
Assembling an information security management system (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover, the(More)
Considering legal aspects during software development is a challenging problem, due to the cross-disciplinary expertise required. The problem is even more complex for cloud computing systems, because of the international distribution, huge amounts of processed data, and a large number of stakeholders that own or process the data. Approaches exist to deal(More)
The ISO 27000 is a well-established series of information security standards. The scope for applying these standards can be an organisation as a whole, single business processes or even an IT application or IT infrastructure. The context establishment and the asset identification are among the first steps to be performed. The quality of the results produced(More)
In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). However, a Common Criteria certification requires a comprehensible documentation of the software product. The creation of this documentation results in high costs in terms of time and money. We propose(More)