The Common Criteria for Information Technology Security Evaluation, known as the Common Criteria (CC), is an international standard for computer information security that explicitly specifies the security needs of computer users. These standards govern different factors related to computer security, such as the process of information security specification, implementation and evaluation. These criteria act as a guide for all information security experts, who should turn to them when they have to make a decision about setting up an IT security system (Denning, 1999), whether for the hardware or the software parts. Following the guidelines is necessary not only for information security itself but also for eligibility for the ISO/IEC 15408 certificate (Horie, Yajima, Azimah, Goto, & Cheng, 2009). The Common Criteria is divided into three main parts ("ISO/IEC Standard 15408 — ENISA").
Part 1: Introduction and general model (15408-1): This is a general overview of the standards. The user can use this part as a start to understand and implement the overall criteria for information security.
Part 2: Security functional requirements (15408-2): This part explains the specific functional components that form the template of an overall security policy that complies with the international standards.
Part 3: Security assurance requirements (15408-3): This part suggests assurance components that contribute to the standard template. This part is also used as a guide towards evaluation criteria.
The three parts are used by developers and evaluators of information security systems alike to help guide them to achieve international standards in their respective fields of information s...
... middle of paper ...
...t organizations should have internal training to inform the employees about the importance of adopting these ethics and how they can help them in their professional life. This could help in diverting the negative behavior of the employees regarding the ethics related to information security towards positive.
I would like to conclude my discussion by stressing the importance of following the Common Criteria to be in line with the ISO/IEC 15408 standards. Complying with these standards can not only earn the desired certification but also improve the organizational security status. Ethics should always be kept in mind whenever a policy is devised for information security. There should be no part of the information policy that could lead to compromising on ethics. This way, high standards can be achieved while keeping the privacy and security of others intact.