Protection Profile for System, Research Paper Example


The information given below is in preparation for an IT security network meeting. We will soon be updating our security criteria. From experience, failings in the Orange Book and DITSCAP Book are apparent. For this reason, I will be making a case for moving to the Common Criteria for security needs.

Part 2 and Part 3 of the CC provide information on the security components. In the CC, the security components are separated into two books: Part 2 contains all the security functional components and Part 3 contains all the security assurance components. The content of the CC and the Orange Book is very similar; however, the Orange Book keeps all of the security content within one book.

Separating Part 2 and Part 3 will make it easier for the organization to develop a Profile Protection Plan, since organization of the components has already begun with the separation of assurance and functional components. The separation relates to the Orange Book only in that the Orange Book is a less convenient resource than the re-organized CC.

The Common Criteria improves on the concept of the Orange Book. Besides making it easier to reference functional and assurance security components, the CC includes valuable additions regarding security that the Orange Book does not. The CC is more detailed with information regarding consumers, developers, and evaluators.

The meaning, purpose, and content of the protection profile, security target, and target of evaluation are all linked to each other. A protection profile expresses an organization’s security needs. A security target specific to those needs will guide the developer in meeting the target of evaluation for accreditation of certification.

The separation of functional and assurance security components, combined with the additional detail present, increases the beneficial use of the Common Criteria above and beyond the Orange Book or the DITSCAP Book. The process of using the Protection Profile (PP), Security Target (ST), and Target of Evaluation (TOE) is simplified when we remember that the ST used depends on the PP and leads directly to the TOE. Any questions concerning the CC will be answered.

C-2 Orange Book Protection Profile table

Requirement: Security Policy

CC Criteria: Class FAU: Security Audit; Class FCS: Cryptographic Support; Class FDP: User Data Protection; Class FMT: Security Management; Class FPR: Privacy

Rationale:

Security audit entails policies and security strategies that identify, store, record, and analyze information concerning pertinent security issues. The resulting audit report can be used to establish which security-relevant events took place at a particular time and by whom (Benantar, 2006).

This class uses cryptographic technologies to address a variety of high-tech security concerns. Cryptography serves the following roles: verification and identification; trusted cryptographic functionalities; data and channel separation; and trusted path.

The User Data Protection (UDP) class contains four well-designed families that address user data within a TOE during export, storage, and import of data, as well as security issues during data handling.

This class consists of families with explicit requirements that deal with data protection (Bidgoli, 2006).

This security class identifies the type of security management applied to a number of elements of the TSF: management of security issues, which include, for instance, Access Control Lists and Capability Lists; management of functions, which encompass, for instance, laws and regulations that influence the behavior of the TSF and the selection criteria for system functionality; definition of security functions; and management of TSF data, which include, for instance, banners (Merkow & Breithaupt, 2005).

The Privacy class makes sure that the system has all the prerequisites that would improve the security of the system. These security conditions help protect the user against mishandling and hacking of the system by technology criminals. This in turn enhances data security and the safety of the user during the use of data.

Requirement: Marking

CC Criteria: Class FAU: Security Audit

Rationale:

This class enables any change in data use, and allows the terminal user to be informed of any changes during an interactive session.

Requirement: Identification

CC Criteria: Class FIA: Identification and Authentication

Rationale:

The identification element in FIA ensures that data handlers and users are associated with appropriate security information concerning the system (Bidgoli, 2006).

The specific identification of authorized data for users and the legitimate association of security aspects with data handlers and subjects are critical to the enforcement of security needs.

Identification is employed to definitively recognize the user undertaking particular operations in the TOE. This involves not only ascertaining the claimed user of the data, but also authenticating that each user is in fact the one they claim to be.

Requirement: Accountability

CC Criteria: Class FPT: Protection of the TSF; Class FTP: Trusted Path/Channels

Rationale:

The class offers the capacity to connect an identity with all auditable events by individual data handlers and users (Merkow & Breithaupt, 2005).

The class promotes the system’s accountability by making sure that each data user and handler in the system uses explicit details acknowledged by the system (Benantar, 2006).

In this class, users are required to have a direct connection with the TSF. A trusted path or channel gives confidence to the data users and handlers. It also focuses on making communication more secure between the IT product and TSF users.

Requirement: Assurance

CC Criteria: Class FMT: Security Management; Class FDP: User Data Protection

Rationale:

The class gives administrators assurance on the management of the responsibilities of the TSF.

This class makes sure that data in the system is protected and that its security is assured while the system is in use.

This class encompasses families that assure the greatest integrity of the TSF and its management approaches (Bidgoli, 2006).

Requirement: Continuous Protection

CC Criteria: Class FDP: User Data Protection; Class FCO: Communication

Rationale:

The class makes sure data in the system is continuously secured from any external attack or exploitation (Merkow & Breithaupt, 2005).

The class makes sure that there is a constant flow of communication while at the same time securing the type of data being transferred via the system. This makes sure that the sender is accountable for any security issues that concern the security of information.

References

Benantar, M. (2006). Access control systems: Security, identity management and trust models. New York: Springer Science+Business Media.

Bidgoli, H. (2006). Handbook of information security, Volume 3. Hoboken: John Wiley & Sons.

Kim, T., & International Conference on Future Generation Information Technology, FGIT. (2011). Future generation information technology: Third international conference, FGIT 2011 in conjunction with GDC 2011, Jeju Island, Korea, December 8-10, 2011: Proceedings. Heidelberg: Springer.

Merkow, M. S., & Breithaupt, J. (2005). Principles of information security: Principles and practices. Upper Saddle River, NJ: Pearson Prentice Hall.
