A Study on the Management of Security Risk by Testing and Certification Work Process

Key Points

• To analyze security threats in testing and certification processes and propose management strategies.
• Analyzed security risks across five stages: application, receipt, testing, report generation, issuance.
• Mapped ISO/IEC standards and frameworks to identify 37 essential items.
• Expanded to 98 items incorporating expert feedback and defense industry security elements.
• Selected 51 core security elements through expert validation.
• Identified medium or higher security risks at all testing stages.
• Highlighted key elements for effective security management, including organizational structure and legal compliance.
• Provided prioritized action items for enhancing security management in certification bodies.

Abstract