IT Security - 9. Security Assurance
Motivation/Introduction
Security Assurance provides justification that a target meets security requirements
Security Requirements
desired security properties of a type of product
Assurance
certification that the target meets the requirements
Target
product or part of a product
Internal Assurance should already be part of a vendor's secure engineering process
which can then be extended by external, independent third-party assurance
Main Drivers
Government policies
Commercial expectations
Security
Trusted Computer System Evaluation Criteria (TCSEC)
Common Criteria
Terminology
Target of Evaluation (TOE)
software, OS, workstation, ...
Security Target (ST)
Protection Profiles (PP)
Security Assurance Requirements (SAR)
description of how assurance is to be gained that the TOE meets the SFRs
Evaluation Assurance Level (EAL)
Security Functional Requirements (SFR)
translation of the security objectives for the TOE into a standardized language
Cryptographic Modules