ITSEC: Information Technology Security Evaluation Criteria. Only used in Europe. Two main attributes - Functionality and Assurance. Is a set of criteria for both security products and security systems and refers to both as the target of evaluation (TOE).
Common Criteria: Is an international evaluation standard. EAL - Evaluation assurance level. Protection profile - The set of security requirements, their meaning and reasoning and the corresponding EAL rating. Two main attributes - Functionality and Assurance. Five sections of the protection profile:
- Descriptive elements
- Rationale
- Functional requirements
- Development assurance requirements
- Evaluation assurance requirements
Certification <-> Accreditation
Certification: Is the technical evaluation of the security components and their compliance for the purpose of accreditation. Is the process of assessing the security mechanisms and controls and evaluating their effectiveness.
Accreditation: Is the formal acceptance of the adequacy of a system's overall security by the management. Is management's official acceptance of the information in the certification process findings.
Open Systems <-> Closed Systems
Open Systems: Have an architecture that has published specifications, which enables third-party vendors to develop add-on components and devices. Provides interoperability between products by different vendors of different operating systems, applications and hardware devices.
Closed Systems: Use an architecture that does not follow industry standards. Interoperability and standard interfaces are not employed to enable easy communication between different types of systems and add-on features. Are proprietary, meaning that the system can only communicate with like systems.