Standards and recommendations

The milestones of information security

The US Department of Defense published its Trusted Computer System Evaluation Criteria (TCSEC) standard in December 1985; it allows information systems to be rated on the basis of security aspects. This standard is still applied and is obligatory for information technology purchases for government and defense systems in the USA. TCSEC classifies IT systems into four divisions on the basis of security aspects, rating the effectiveness of the security controls built into information processing systems according to protection levels of different strengths. Currently the D, C1, C2, B1, B2, B3 and A1 classes are applied, where D represents minimal protection and A1 the highest level of proven protection. The classification requires evaluation in four areas: security policy, accountability, assurance and documentation.

The first version of ITSEC (Information Technology Security Evaluation Criteria) was drawn up jointly by England, France, the Netherlands and Germany in 1990 as a European counterpart of TCSEC. Version 1.2 of ITSEC was issued for experimental use in the European Community in 1991. In its principles and requirements, ITSEC basically agrees with TCSEC. However, in addition to the security classes, which are interpreted in the same way as in TCSEC, ITSEC also defines security classes for the relevant types of IT systems; for these it keeps the basic security features of TCSEC, but highlights in each case only the requirements that characterize the given type of system (basic functions of trusted IT systems, functionality classes, protection mechanisms, evaluation criteria and evaluation stages).

While version 1.2 of ITSEC was in experimental use in the EU, the draft of the Common Criteria (CC) was drawn up with the support of the EU, US and Canadian governments, with the aim of harmonizing the contents and the technical differences of the earlier recommendations. Version 2.0 of the Common Criteria was published in 1998. The same document was also published, with identical contents, by ISO/IEC as ISO/IEC 15408, entitled “Common Criteria for Information Technology Security Evaluation, version 2.0”. Its main characteristics are the following:

  • It defines uniform requirements that are independent of the mode of implementation.
  • It provides a uniform method for the evaluation and certification of IT systems and products in respect of IT security.
  • It defines a catalog of security requirements for IT systems, organized into categories of several levels.
  • It can be applied equally to the examination of software and hardware.
  • Products can be selected in a flexible way, as the requirements are not specific to hardware or software.
  • Security functionality can be defined in the form of what CC calls Protection Profiles, which can be independently rated at one of the seven Evaluation Assurance Levels (EALs) defined in CC.

ITIL 2 (BS 15000:2000)

BS 7799-1 (ISO/IEC 17799:2000)

BS 7799-2

ISO 9000-3

COBIT 3

  • For top management, it gives help in managing the risks of the continuously changing IT environment and in weighing the investment alternatives for establishing controls.
  • For users, it ensures the control and security of IT services.
  • For information system auditors, it provides a uniform basis for rating internal controls and for the assessments and advice given to management.
