ITSEC

ITSEC

In May 1990, France, Germany, the Netherlands and the United Kingdom published the Information Technology Security Evaluation Criteria (ITSEC) based on existing work in their respective countries. Following extensive international review, Version 1.2 was subsequently published in June 1991 by the Commission of the European Communities for operational use within evaluation and certification schemes.

The ITSEC is a structured set of criteria for evaluating computer security within products and systems. The product or system being evaluated, called the "target of evaluation", is subjected to a detailed examination of its security features culminating in comprehensive and informed functional and penetration testing.

The degree of examination depends upon the level of confidence desired in the target. To provide different levels of confidence, the ITSEC defines "evaluation levels", denoted E0 through E6. Higher evaluation levels involve more extensive examination and testing of the target.

Unlike earlier criteria, notably the TCSEC developed by the US defense establishment, the ITSEC did not require evaluated targets to contain specific technical features in order to achieve a particular assurance level. For example, an ITSEC target might provide authentication or integrity features without providing confidentiality or availability. A given target's security features were documented in a "Security Target" document, whose contents had to be evaluated and approved before the target itself was evaluated. Each ITSEC evaluation was based exclusively on verifying the security features identified in the Security Target.

Since the launch of the ITSEC in 1990, a number of other European countries have agreed to recognise the validity of ITSEC evaluations.

The ITSEC has been largely replaced by Common Criteria, which provides similarly-defined evaluation levels and implements the target of evaluation concept and the Security Target document.

External links

* [http://www.cesg.gov.uk/products_services/iacs/index.shtml InfoSec Assurance and Consultancy Services (IACS)]

Ref


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • ITSEC — Die Information Technology Security Evaluation Criteria (ITSEC; deutsch etwa: Kriterien für die Bewertung der Sicherheit von Informationstechnologie) ist ein europäischer Standard für die Bewertung und Zertifizierung von Software und… …   Deutsch Wikipedia

  • ITSEC — Information Technology Security Evaluation Criteria Information Technology Security Evaluation Criteria (ITSEC) est un standard pour la sécurité des systèmes d information. Après le TCSEC, qui définit des standards au niveau « machine » …   Wikipédia en Français

  • ITSEC — Information Technology Security Evaluation Criteria (Computing » Security) …   Abbreviations dictionary

  • ITSEC — Information Technology Security Evaluation Criteria …   Acronyms

  • ITSEC — ● ►en /I T sek/ sg. m. ►COP Information Technology Security Evaluation Criteria. Label de sécurité de l information pour le matériel et le logiciel qui la manipulent …   Dictionnaire d'informatique francophone

  • ITSEC — Information Technology Security Evaluation Criteria …   Acronyms von A bis Z

  • ITSEC — abbr. comp. Information Technology Security Evaluation Criteria …   Dictionary of English abbreviation

  • ITSEC —   Information Technical Security Evaluation Criteria, a 1992 initiative to increase consumer awareness of and confidence in information technology and its products …   Glossary of the European Union and European Communities

  • ITSEC — abbr. (european) Information Technology Security Evaluation Criteria (Europa) …   United dictionary of abbreviations and acronyms

  • IT-Sicherheitskriterien — Die Deutschen IT Sicherheitskriterien (ITS oder ITSK, auch bekannt als Grünbuch) sind eine 1989/1990 von der Zentralstelle für Sicherheit in der Informationstechnik (heute BSI) erarbeitete Richtlinie für die Bewertung und Zertifizierung von… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”