Information Technology Security Evaluation Criteria

The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries. The United States looked to the Orange Book and Rainbow Series, and Europe employed ITSEC to evaluate and rate computer systems. (Today, everyone is migrating to the Common Criteria, explained in the next section.)

ITSEC evaluates two main attributes of a system’s protection mechanisms: functionality and assurance. When the functionality of a system’s protection mechanisms is being evaluated, the services that are provided to the subjects (access control mechanisms, auditing, authentication, ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.