- Created by: Kath_Siobhan
- Created on: 17-10-18 12:02
Qualitative - Uses scales of Low, Medium, High to describe the magnitude of potential consequence and its likelihood.
Semi-Quantitative - Subjective, simplifies numeric scales (0.01 to 1.00).
Quantitative - Objective. Uses 'realistic' numerical values to describe impact and likelihood.
- Single Loss Expectancy (SLE) X Annualised Loss Expectancy (ALE).
Common Criteria for Information Technology Security Evaluation - International Standard for computer security verification.
Security claims about a product can be independently verified.
CC developed from 3 previous standards.
Trusted Computer System Evaluation Criteria
Fundamental Computer Security Requirements
A secure system will control access to information such that only properly authorised individuals, or processes operating on their behalf, will have access to read, write, create and delete information.
6 fundamental requirements are derived from this statement:
- Security Policy - Explicit, well defined, enforced
- Continuous protection