Security Case and Design Good Practice

Risk Management

Qualititative - uses scales of Low, Medium, Highto describe the magnitude of potential consequence and its liklihood. 

Semi-Quantitative - Subjectie, simplifies numeric scales (0.01 to 1.00).

Quantitative - Objective. Uses 'realistic' numerical values to describe impact an likliihood. 

  • Single Loss Expectancy (SLO) X Annualised Loss Expectancy (ALE). 
1 of 3

Common Criteria

Common Criteria for Information Technology Security Evaluation - International Standard for computer security verification. 

Security claims about a product can be independantly verified.

CC developed from 3 previous standards.

  • TCSEC
  • ITSEC
  • CTCPEC
2 of 3

Trusted Computer System Evaluation Criteria

Fundamental Computer Security Requirements

A secure system will control access to information such that only properly authorised individuals, or processes operating on their behalf, will have access to read, write, create and delete information. 

6 fundamental requirements are derived from this statement

  • Security Polocy - Explicit, Well defined, enforced
  • Marking 
  • Identification 
  • Accountability
  • Assurance
  • Continuous protection
3 of 3

Comments

No comments have yet been made

Similar Computing resources:

See all Computing resources »See all Security Case resources »