Abstract
The rapid growth of information technology (IT), our growing dependence on it, and the corresponding skyrocketing security problems arising from it have all created a high demand for comprehensive security mechanisms, and best practices mitigate these security problems. Solutions on two fronts are sought for. First well-implemented mechanisms and best practices are needed for fundamental security issues like cryptography, authentication, access control, and audit. Second, comprehensive security mechanisms are also needed for all security products so that consumers are assured of products and systems that meet their business security needs. The response to this high demand for security products has been an avalanche of products of all types, capabilities, varying price range, effectiveness, and quality. You name a product and you get a flood from vendors. As the marketplace for security products get saturated, competing product vendors and manufacturers started making all sorts of claims about their products in order to gain a market niche. In this kind of environment then, how can a customer shop for the right secure product, what security measures should be used, and how does one evaluate the security claims made by the vendors? Along the way, making a choice of a good effective security product for your system or business has become a new security problem we want to focus on in this chapter.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wikipedia. http://en.wikipedia.org/wiki/Open_standard
Bradner S. FRC 2026: the internet standards process—revision 3. Network Working Group. https://tools.ietf.org/html/rfc2026
Mercuri R. Standards insecurity. Commun ACM, December 2003, 46(12) 21–25
Computer Security Evaluation FAQ, Version 2.1. http://www.faqs.org/faqs/computer-security/evaluations/
An Oracle White Paper. Computer security criteria: security evaluations and assessment, July 2001. http://otndnld.oracle.co.jp/deploy/security/pdf/en/seceval_wp.pdf
Oracle Technology Network. Security evaluations. http://www.oracle.com/technetwork/topics/security/security-evaluations-087427.html
Department of Defense Standards. Trusted computer system evaluation criteria. http://www.iwar.org.uk/comsec/resources/standards/rainbow/5200.28-STD.html
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Kizza, J.M. (2017). Standardization and Security Criteria: Security Evaluation of Computer Products. In: Guide to Computer Network Security. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-55606-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-55606-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55605-5
Online ISBN: 978-3-319-55606-2
eBook Packages: Computer ScienceComputer Science (R0)