DOI: 10.1145/1500774.1500830

Acceptance criteria for computer security

Published: 07 June 1982

Abstract

Acceptance criteria define the degree of quality required and identify areas to be examined in evaluating the degree of quality. Three categories of computer security acceptance criteria are proposed: functionality, performance, and development method. Each is further divided into sub-categories. Aids in formulating requirements and criteria are noted, including the use of organizational policies and risk analysis methods. Quantification is shown as a volatile tool, since numbers are often treated as single data points rather than as ranges. A set of principles is presented, to be followed in formulating acceptance criteria. Illustrative principles are as follows: (1) Get a good start, (2) make sure everyone understands, (3) distinguish shall from should, and (4) explain why. The acceptance determination process is discussed, a key point being that intermediate products must be approved. The value of acceptance criteria is in making the product better and the judgment easier.



Published In

AFIPS '82: Proceedings of the June 7-10, 1982, national computer conference
June 1982
857 pages
ISBN:088283035X
DOI:10.1145/1500774

Sponsors

  • AFIPS: American Federation of Information Processing Societies

Publisher

Association for Computing Machinery

New York, NY, United States
