Thursday, 14 May 2015

ISO/IEC 27001 - Information security management

While information security plays an important role in protecting the data and assets of an organisation, we often hear news about security incidents, such as defacement of websites, server hacking and data leakage. Organisations need to be fully aware of the need to devote more resources to the protection of information assets, and information security must become a top concern in both government.

Compare to http://www.networkworld.com/news/2006/030706-government-cio-survey.html

ISO/IEC 15408 (Evaluation Criteria for IT Security)
The international standard ISO/IEC 15408 is commonly known as the “Common Criteria” (CC). It consists of three parts: ISO/IEC 15408-1:2005 (introduction and general model), ISO/IEC 15408-2:2005 (security functional requirements) and ISO/IEC 15408-3:2005 (security assurance requirements). This standard helps evaluate, validate, and certify the security assurance of a technology product against a number of factors, such as the security functional requirements specified in the standard.
Hardware and software can be evaluated against CC requirements in accredited testing laboratories to certify the exact EAL (Evaluation Assurance Level) 

http://isotc.iso.org/livelink/livelink/fetch/2000/2489/Ittf_Home/PubliclyAvailableStandards.htm
