Home > Archive > Security+ > May 2003 > Another Question





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Another Question
Williamd000

2003-03-25, 11:00 am

Hi Heres another question.
The defacto IT security evaluation criteria for the international community is called?
1- Common Criteria
2- Global Criteria
3- TCSEC
4- ITSEC

I believe its 1.
rlrouns

2003-03-25, 12:44 pm

You are correct. Here is a link to the common criteria page: http://csrc.nist.gov/cc/index.html
RussS

2003-03-25, 2:34 pm

Snap :-)
Hacker

2003-04-10, 7:19 pm

Yes, CC is used. Previously, it was the Orange Book, part of the Rainbow Series. For example, Cyberguard (www.cyberguard.com) uses CC to benchmark its firewalls.
gat0r

2003-04-22, 8:47 pm

that question was on the test i took this week.
Burneweb

2003-05-22, 10:44 am

http://216.239.37.100/search?q=cache:B569Tf8FdZcJ:www.bsi.de/zertifiz/itkrit/itsec-en...&hl=en&ie=UTF-8

and

niap.nist.gov/CRCchapter.PDF

The "international" defacto standard is ITSEC

which means Information Technology Security Evaluation Criteria
Burneweb

2003-05-22, 10:52 am

http://216.239.37.100/search?q=cache:B569Tf8FdZcJ:www.bsi.de/zertifiz/itkrit/itsec-en...&hl=en&ie=UTF-8

and

http://niap.nist.gov/CRCchapter.PDF

The "international" defacto standard is ITSEC

which means Information Technology Security Evaluation Criteria
Burneweb

2003-05-22, 10:53 am

http://216.239.37.100/search?q=cache:B569Tf8FdZcJ:www.bsi.de/zertifiz/itkrit/itsec-en...&hl=en&ie=UTF-8 (You may have to cut and paste this URL)

and

http://niap.nist.gov/CRCchapter.PDF

The "international" defacto standard is ITSEC

which means Information Technology Security Evaluation Criteria
azimuth40

2003-05-22, 12:02 pm

quote:
Originally posted by Burneweb
http://216.239.37.100/search?q=cache:B569Tf8FdZcJ:www.bsi.de/zertifiz/itkrit/itsec-en...&hl=en&ie=UTF-8 (You may have to cut and paste this URL)

and

http://niap.nist.gov/CRCchapter.PDF

The "international" defacto standard is ITSEC

which means Information Technology Security Evaluation Criteria


There is conflicting info here and it looks like ITSEC was superceeded. There was never an "international" defacto standard, there were five separate standards and ITSEC was the Euoropean standard; CC is the merging of the five standards. ITSEC was done in 1991, CC started in 1993 and everyone signed off in 1997-1998. This URL will give you the entire history of how we arrive at Common Critera.

http://www.commoncriteria.org/cc/part1/part1a.html

and further at

http://www.commoncriteria.org/docs/origins.html

and here

http://www.commoncriteria.org/faq/faq.html

You can get a users guide in acrobat format here

http://www.commoncriteria.org/intro...iews/index.html
Burneweb

2003-05-22, 12:07 pm

Ok, I see. As many posters have said, the wording of these questions are tricky. I think the best way to have stated this question would be "The Current Defacto ..."

Thanks for the info.

~Burneweb~
dwilliamjoe

2003-05-29, 8:18 am

What is the CC?

A1. The Common Criteria for information Technology Security Evaluation (CC) defines general concepts and principles of IT security evaluation and presents a general model of evaluation. It presents constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems.
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net