Good Example Of Essay On Security Architecture And Models
The Common Criteria (CC) represents the outcome of efforts to develop criteria for evaluating IT security that are useful across the international community. It is a development and alignment of several earlier source criteria, and it resolves the technical and conceptual differences between them. The result is a contribution to an international standard and opens the way to mutual recognition of evaluation results worldwide. The Security Architecture and Models domain covers the principles, concepts, standards, and structures used to design, implement, secure, and monitor equipment, operating systems, applications, and networks, together with the controls used to enforce the required levels of confidentiality, integrity, and availability (Nancy, 2013).
The Common Criteria descends from the United States Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), first published in 1983 and informally known as the "Orange Book." Germany later issued its own criteria, the Green Book, as did Canada and the United Kingdom. These were followed by the Information Technology Security Evaluation Criteria (ITSEC), a consolidated European standard for security evaluation. In the early 1990s the United States joined the European countries and Canada in developing the first version of an international Common Criteria. Version 1.0 was published for comment in January 1996. Version 2.0, the result of two years of trials and review, was published in 1998, and the International Organization for Standardization (ISO) adopted it as ISO/IEC 15408 in 1999; for this reason the Common Criteria is also referred to as ISO 15408. Version 2.1 was issued in August 1999. Many countries have embraced the Common Criteria through the Common Criteria Recognition Arrangement (CCRA), under which signatories agree to accept evaluation results produced by other CCRA members. In the United States, the National Information Assurance Partnership (NIAP) was formed to administer a security evaluation program that uses the Common Criteria as its evaluation standard (NIAP, 2005).
In 2005 the interpretations issued up to that point were incorporated into an update, Version 2.3, published as ISO/IEC 15408-1:2005, 15408-2:2005, and 15408-3:2005; the corresponding update of the Common Evaluation Methodology (CEM) was published as ISO/IEC 18045:2005. Version 3.1 of the Common Criteria was published in September 2006. It incorporated all approved interpretations and made major changes to the security assurance requirements. Minor revisions to Version 3.1 followed in 2007 and became the official release.
The CC comprises three parts: Part 1, Introduction and General Model; Part 2, Security Functional Requirements; and Part 3, Security Assurance Requirements. Part 3 specifies the actions that must be taken to gain assurance but does not state how to carry them out; the Common Evaluation Methodology (CEM) was created to fill this gap for the lower assurance levels. Because the methodology is common, it is the basis on which member nations agree to accept one another's evaluation results, as set out in the Arrangement on the Recognition of Common Criteria Certificates in the field of IT Security. The arrangement was first signed in 2000, and further countries continue to join it.
Common Criteria certification is a rigorous process in which a third-party laboratory, accredited in the United States by the National Voluntary Laboratory Accreditation Program (NVLAP), evaluates the product against its security requirements at one of the predefined Evaluation Assurance Levels (EALs). Security is critical for financial services, health care, and other industries: whether they are protecting financial and intellectual assets or customers' privacy, they need assurance that their storage, networks, and telephone lines are protected against malware, intruders, and other malicious activity. Common Criteria certification provides independent validation of this, although it is not a requirement outside the federal government (Abrams & Brusil, 2000).
The Common Criteria makes the results of independent security evaluations comparable. It does so by providing a common set of requirements for the security functionality of IT products and for the assurance measures applied to those products during a security evaluation. The evaluation process establishes a level of confidence that the product's security functionality and the assurance measures applied to it meet those requirements, and the results help consumers determine whether a product fulfills their security needs. The Common Criteria addresses the protection of information from unauthorized disclosure, modification, or loss of use; the corresponding protection categories are called confidentiality, integrity, and availability. It can also be applied to security aspects beyond these three, such as non-repudiation of origin or receipt of information and the authenticity of information and of communication partners. It applies to risks arising from human activities, malicious or otherwise, and to risks arising from non-human activities. The CC enables an objective evaluation to validate that a product or system satisfies a defined set of security requirements, and it presents a standard of interest to those responsible for developing security requirements (Nancy, 2013).
Abrams, M. D. & Brusil, P. (2000). "Application of the Common Criteria to a System: A Real-World Example." Computer Security Journal, pp. 11-21.
Herrmann, D. & Keith, S. (2001). "Application of Common Criteria to Telecomm Services: A Case Study." Computer Security Journal, pp. 21-28.
NIAP. (2005). Common Criteria Evaluation and Validation Scheme. Retrieved 5 February 2015 from <https://www.niap-ccevs.org/Documents_and_Guidance/cc_docs.cfm>
Nancy, M. (2013). The Common Criteria. Retrieved 5 February 2015 from <https://buildsecurityn.us-cert.gov/articles/best-practices/requirements-engineering/the-common-criteria>