High Assurance Products in IT Security

Rayford B. Vaughn (Mississippi State University, USA)
DOI: 10.4018/978-1-59140-911-3.ch012
Corporate decisions to purchase security software and hardware appliances are often made simply on the recommendations of the technical staff, the budget process (return-on-investment arguments), and/or a sales presentation and its assertions. This chapter addresses the notion of trusted products and of assurance in those products (i.e., confidence that a product operates correctly) and how assurance is gained through independent review and testing. Early attempts to measure assurance in trusted products are described (some products today still refer to these procedures). Modern approaches to measuring assurance are discussed in the context of ISO/IEC 15408, the Common Criteria (CC). Current U.S. federal government policy concerning the use of evaluated products is presented, along with a discussion of why industrial organizations may wish to consider such products.

Table of Contents
Edited by Merrill Warkentin and Rayford B. Vaughn

Chapter 1: A Model of Information Security Governance for E-Business
Dieter Fink, Tobias Huegle, Martin Dortschy
This chapter identifies various levels of governance followed by a focus on the role of information technology (IT) governance with reference to...

Chapter 2: IT Security Governance and Centralized Security Controls
Merrill Warkentin, Allen C. Johnston
Every enterprise must establish and maintain information technology (IT) governance procedures that will ensure the execution of the firm's security...

Chapter 3: A Case Study of Effectively Implemented Information Systems Security Policy
Charla Griffy-Brown, Mark W.S. Chun
This chapter demonstrates the importance of a well-formulated and articulated information security policy by integrating best practices with a case...

Chapter 4: Malware and Antivirus Deployment for Enterprise Security
Raj Sharman, K. Pramod Krishna, H. Raghav Rao, Shambhu Upadhyaya
Threats to information security are pervasive, originating from both outside and within an organization. The history of computer security is dotted...

Chapter 5: The Impact of the Sarbanes-Oxley (SOX) Act on Information Security
Gurpreet Dhillon, Sushma Mishra
This chapter discusses the impact of the Sarbanes-Oxley (SOX) Act on corporate information security governance practices. The resultant regulatory...

Chapter 6: A Security Blueprint for E-Business Applications
Jun Du, Yuan-Yuan Jiao, Jianxin (Roger) Jiao
This chapter develops a security blueprint for an e-business environment taking advantage of the three-tiered e-business architecture. This security...

Chapter 7: Security Management for an E-Enterprise
Ammar Masood, Sahra Sedigh-Ali, Arif Ghafoor
Enterprise integration is the key enabler for transforming the collaboration among people, organization, and technology into an enterprise. Its most...

Chapter 8: Implementing IT Security for Small and Medium Sized Enterprises
Edgar R. Weippl, Markus Klemen
Small and medium enterprises (SMEs) increasingly depend on their information technology (IT) infrastructure but lack the means to secure it...

Chapter 9: E-Commerce Security (pages 131-149)
Steven Furnell
This chapter considers the requirements for security in business-to-consumer e-commerce systems. Experience to date has revealed that these services...

Chapter 10: The Survivability Principle: IT Enabled Dispersal of Organizational Capital
Andrew P. Snow, Detmar Straub, Carl Stucke, Richard Baskerville
The horrific terrorist attacks carried out on September 11, 2001, and the ensuing aftermath are driving managers to reconsider organizational risk...

Chapter 11: Security Engineering: It Is All About Control and Assurance Objectives
Ronda R. Henning
Information security engineering is the specialized branch of systems engineering that addresses the derivation and fulfillment of a system's...

Chapter 12: High Assurance Products in IT Security
Rayford B. Vaughn
Corporate decisions concerning the purchase of security software and hardware appliances are often made based simply on the recommendations of the...

Chapter 13: The Demilitarized Zone as an Information Protection Network
Jack J. Murphy
This chapter presents some basic concepts for the design, implementation, and management of a network-based enterprise boundary protection...

Chapter 14: Software Security Engineering: Toward Unifying Software Engineering and Security Engineering
Mohammad Zulkernine, Sheikh I. Ahamed
The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming...

Chapter 15: Wireless Security (pages 234-252)
Erik Graham, Paul John Steinbart
The introduction of wireless networking provides many benefits, but it also creates new security threats and alters the organization's overall...

Chapter 16: Intrusion Detection and Response
David A. Dampier, Ambareen Siraj
This chapter discusses the notion of intrusion detection and introduces concepts associated with intrusion detection and methods used to respond to...

Chapter 17: Deploying Honeynets (pages 266-286)
Ronald C. Dodge Jr., Daniel Ragsdale
When competent computer network system administrators are faced with malicious activity on their networks, they think of the problem in terms of...

Chapter 18: Steganography and Steganalysis
Merrill Warkentin, Mark B. Schmidt, Ernst Bekkering
In the digital environment, steganography has increasingly received attention over the last decade. Steganography, which literally means "covered...

Chapter 19: Designing Secure Data Warehouses
Rodolfo Villarroel, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini
Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality...

Chapter 20: Digital Forensics (pages 311-325)
David A. Dampier, A. Chris Bogen
This chapter introduces the field of digital forensics. It is intended as an overview to permit the reader to understand the concepts and to be able...

Chapter 21: A Comparison of Authentication, Authorization and Auditing in Windows and Linux
Art Taylor, Lauren Eder
With the rise of the Internet, computer systems appear to be more vulnerable than ever to security attacks. Much attention has been focused on the...

Chapter 22: Taxonomies of User-Authentication Methods in Computer Networks
Göran Pulkkis, Kaj J. Grahn, Jonny Karlsson
This chapter outlines classifications of user-authentication methods based on five different taxonomies. The outlined taxonomies are: user...

Chapter 23: Identity Management: A Comprehensive Approach to Ensuring a Secure Network Infrastructure
Katherine M. Hollis, David M. Hollis
This chapter provides an introductory overview of identity management as it relates to data networking and enterprise information management...

About the Authors