Abstract
To protect the information systems of an organisation, an appropriate set of security controls needs to be installed and managed properly. Through a risk analysis exercise, the most effective set of controls is recommended. This analysis or identification process can be subjective, and many assumptions are made about the environment. A possible solution may be the definition of suitable protection profiles that include the most suitable security controls for specific information technology environments. This paper provides some guidelines for the formation of a fully defined security control. Sets of these controls can be used to determine an information security profile that encompasses all aspects of security, such that no assumptions need to be made, thereby leading towards a totally secure organisation.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35515-3_53
Copyright information
© 2000 IFIP International Federation for Information Processing
About this paper
Cite this paper
Von Solms, R., Van De Haar, H. (2000). From Trusted Information Security Controls to a Trusted Information Security Environment. In: Qing, S., Eloff, J.H.P. (eds) Information Security for Global Information Infrastructures. SEC 2000. IFIP — The International Federation for Information Processing, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35515-3_4
DOI: https://doi.org/10.1007/978-0-387-35515-3_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5479-7
Online ISBN: 978-0-387-35515-3
eBook Packages: Springer Book Archive