
Standardization and Security Criteria: Security Evaluation of Computer Products

Guide to Computer Network Security

Part of the book series: Computer Communications and Networks (CCN)

Abstract

The rapid growth of information technology (IT), our growing dependence on it, and the correspondingly skyrocketing security problems arising from it have all created a high demand for comprehensive security mechanisms and best practices to mitigate these security problems. Solutions are sought on two fronts. First, well-implemented mechanisms and best practices are needed for fundamental security issues like cryptography, authentication, access control, and audit. Second, comprehensive security mechanisms are also needed for all security products so that consumers are assured of products and systems that meet their business security needs. The response to this high demand for security products has been an avalanche of products of all types and capabilities, with varying price ranges, effectiveness, and quality. You name a product and you get a flood from vendors. As the marketplace for security products became saturated, competing product vendors and manufacturers started making all sorts of claims about their products in order to gain a market niche. In this kind of environment, how can a customer shop for the right secure product, what security measures should be used, and how does one evaluate the security claims made by the vendors? Along the way, choosing a good, effective security product for your system or business has become a new security problem, which is the focus of this chapter.




Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Kizza, J.M. (2017). Standardization and Security Criteria: Security Evaluation of Computer Products. In: Guide to Computer Network Security. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-55606-2_16


  • DOI: https://doi.org/10.1007/978-3-319-55606-2_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-55605-5

  • Online ISBN: 978-3-319-55606-2

  • eBook Packages: Computer Science (R0)
