Monday, March 4, 2019
System Security Criteria
Trusted calculating machine System Evaluation Criteria (TCSEC) is utilise in classifying and evaluating the computer security in any given constitution of rules especially where sensitive information is involved. For that reason any organization much(prenominal) as Medical Credential Company has to initially consider a few factors as well as meet security criteria as provided by TCSEC. There exists four divisions (D,C,B, and A) and C,B, and A are further shared into classes but in the context of this study, only classes C-2 (Controlled Access Protection) and B-3 (Security Domains) will be considered.By choosing family C-2 means that the company opts for Discretionary Security Protection which is on a lower floor Division C. class C-2 offers defense of the sensitive information/data against and espial of user abuse of authority and direct probing. Besides, class C-2 alike protects the system form activities of non-users and users who may not be using catty programs. cast C -2 employs security controls for all objects in the system which may be personal files and/or specific devices.Subsequently, an individual is supposed to identify and manifest him/her self before login into the system and after using a run translate of what he/she has done is kept. Therefore Class C-2 puts wildness on audit trail for evaluation purposes. For that reason, it calls for a selective method to record all events which have occurred and tools to examine the audit record (DoD, 1985). On the opposite hand, Class B-3 which falls below Mandatory Security Protection, Division B, puts emphasis on security domains in the system.Systems that conform to Class B-3 criteria enforce what Class C-2 criteria entails, discretionary security policies, and its policy. Therefore, Class B-3 is has more has security features compared to class C-2. fence being substantial confidence is created that the computer system is protected against disparage techniques for instance human error, direct probing, and abuse of authority by users.In particular Class B-3 protects the system from intentional subversions of the computer security methods hence it is widely employed in addressing defense mechanisms against malicious programs. Besides, a computer system that meets security requirements for Class B3 entails security kernel which implements a reference monitoring device principle which lacks in Class C-2. Both of these classes entail security requirements -classified under policy, accountability, and self-assertion- aimed at regulating access to information.Security policy, marking, identification, and accountability specify what control measures that needfully to be put in place to regulate access to information. Besides, assurance and continuous protection provides guidelines on how a person can concord credible assurance that oerall security is achieved in a trusted system but security requirements in the two classes differ (DoD, 1985 Nibaldi, 1979). forecas t 1.Table of security requirements for classes C2 and B3. Legend x -no requirement - class has same requirements as the next lower class R-class has extra requirement over the lower classes. NB Adopted from DoD 5200. 28-STD The security requirements outlined in the above table are functionally-oriented and it is in order for the security tutor of the company to consider employing security controls first.Considering the security criteria employed by Class B3, as a security manager in the company, it would be reveal to seek certification for Class B3. References DoD. (1985, December). DoD standard Trusted Computer System Evaluation Criteria, DoD 5200. 28-STD. Retrieved August 22, 2010 from http//www. dynamoo. com/orange/fulltext. htm Nibaldi, G. H. (1979, November). Specification of A Trusted Computing Base, M79-228, AD-A108- 831 (TCB), MITRE Corp. , Bedford, Mass.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.