9: INFORMATION STATE ANALYSIS FOR COMPONENTS AND SUBSYSTEMS

INTRODUCTION

One of the most daunting challenges currently facing security researchers and practitioners is determining how secure a specific computer subsystem, product, or component may be. There have been numerous attempts to apply a variety of criteria to this problem so that information systems implementers and purchasers can make judgments about security issues in the acquisition and implementation of specific products and architectures. This unrewarding pursuit finds its highest expression in the search for the secure computer out of the box.

Currently, the methodology in use for the government is known as the Common Criteria. This is the evaluation process that evolved from ...
