Advertisement

Standardization and Security Criteria: Security Evaluation of Computer Products

  • Joseph Migga Kizza
Chapter
Part of the Computer Communications and Networks book series (CCN)

Abstract

The rapid growth of information technology (IT), our growing dependence on it, and the corresponding skyrocketing security problems arising from it have all created a high demand for comprehensive security mechanisms, and best practices mitigate these security problems. Solutions on two fronts are sought for. First well-implemented mechanisms and best practices are needed for fundamental security issues like cryptography, authentication, access control, and audit. Second, comprehensive security mechanisms are also needed for all security products so that consumers are assured of products and systems that meet their business security needs. The response to this high demand for security products has been an avalanche of products of all types, capabilities, varying price range, effectiveness, and quality. You name a product and you get a flood from vendors. As the marketplace for security products get saturated, competing product vendors and manufacturers started making all sorts of claims about their products in order to gain a market niche. In this kind of environment then, how can a customer shop for the right secure product, what security measures should be used, and how does one evaluate the security claims made by the vendors? Along the way, making a choice of a good effective security product for your system or business has become a new security problem we want to focus on in this chapter.

Keywords

Security Requirement Computer Product Security Problem Security Evaluation Security Criterion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
  2. 2.
    Bradner S. FRC 2026: the internet standards process—revision 3. Network Working Group. https://tools.ietf.org/html/rfc2026
  3. 3.
    Mercuri R. Standards insecurity. Commun ACM, December 2003, 46(12) 21–25Google Scholar
  4. 4.
    Computer Security Evaluation FAQ, Version 2.1. http://www.faqs.org/faqs/computer-security/evaluations/
  5. 5.
    An Oracle White Paper. Computer security criteria: security evaluations and assessment, July 2001. http://otndnld.oracle.co.jp/deploy/security/pdf/en/seceval_wp.pdf
  6. 6.
  7. 7.
    Department of Defense Standards. Trusted computer system evaluation criteria. http://www.iwar.org.uk/comsec/resources/standards/rainbow/5200.28-STD.html

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Joseph Migga Kizza
    • 1
  1. 1.University of TennesseeChattanoogaUSA

Personalised recommendations