IT Security Certification and Criteria. Progress, Problems and Perspectives
Author
Abstract
IT security certification and IT security evaluation criteria have changed their character compared with the first efforts ca. 20 years ago. They have also gained more interest within civilian and commercial application areas. Therefore this paper compares them with earlier criticism and with the new challenges in IT security. After an introduction to the concept of security certification, the established IT security certification schemes and the related criteria are presented. Then their weaknesses and problems are described, in particular with regard to today's security requirements. Improvements of the criteria and the certification systems are presented, and suggestions for using current certification and evaluation schemes despite their shortcomings are made.
Similar resources
What Is Wild?
“In the Wild” virus detection is part of the criteria of National Computer Security Association (NCSA) Anti-virus Product Certification, SECURE COMPUTING Checkmark Certification, the proposed UK IT Security Evaluation and Certification (ITSEC) anti-virus product certification and other product review and evaluation schemes. However, companies which use “certified” products, based on “In the Wil...
Challenges for IT Infrastructure Supporting Secure Network-Enabled Commercial Airplane Operations
[Abstract] The numerous benefits of enabling commercial airplanes to communicate over networks are only obtained at the price of introducing security threats to onboard systems. A primary threat arises from the opportunity for corruption of safety-critical and business-critical airplane loadable software distributed via networks from off-board systems. The FAA recognizes that the unprecedented ...
Achieve Cyber Security with the Help of Common Criteria Certification
Today’s industry and government organizations are highlighting cyber security and information assurance as one of their top IT priorities. Cyber threats are presented by both individuals and nation-sponsored groups with intentions spanning the theft of trade secrets, “hacktivism” (the invasion or disruption of systems for activist purposes) and espionage. Similarly, new problems are rising arou...
Ontological Mapping of Common Criteria's Security Assurance Requirements
The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation...
Supporting User Evaluation of IT Security Certification Schemes
IT Security Certification is an increasingly important qualification for information technology (IT) professionals seeking employment in IT security. Yet currently there is a lack of rigorously developed approaches to support the evaluation and selection by key stakeholders of the most appropriate IT security certification scheme from among hundreds of vendor-neutral and vendor-specific schemes...