Skip to main content
SpringerLink
Log in

Standardization and Security Criteria: Security Evaluation of Computer Products

  • Chapter
  • First Online:
Guide to Computer Network Security

Part of the book series: Computer Communications and Networks ((CCN))

  • 3116 Accesses

Abstract

The rapid growth of information technology (IT), our growing dependence on it, and the corresponding skyrocketing security problems arising from it have all created a high demand for comprehensive security mechanisms, and best practices to mitigate these security problems. Solutions on two fronts are sought for. First, well-implemented mechanisms and best practices are needed for fundamental security issues like cryptography, authentication, access control, and audit. Second, comprehensive security mechanisms are also needed for all security products so that consumers are assured of products and systems that meet their business security needs. The response to this high demand for security products has been an avalanche of products of all types, capabilities, varying price ranges, effectiveness, and quality. You name a product and you get a flood from vendors. As the marketplace for security products get saturated, competing product vendors and manufacturers started making all sorts of claims about their products in order to gain a market niche. In this kind of environment then, how can a customer shop for the right secure product, what security measures should be used, and how does one evaluate the security claims made by the vendors? Along the way, making a choice of a good effective security product for your system or business has become a new security problem we want to focus on in this chapter.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  1. Wikipedia, http://en.wikipedia.org/wiki/Open_standard

  2. Bradner S (1996) FRC 2026: the internet standards process—Revision 3. Network Working Group. http://www.ietf.org/rfc/rfc2026.txt

  3. Mercuri R (2003) Standards insecurity. Commun ACM 46(12):21–25

    Google Scholar 

  4. Computer Security Evaluation FAQ (2014) Version 2.1. http://www.faqs.org/faqs/computer-security/evaluations/

  5. An Oracle White Paper. Computer security criteria: security evaluations and assessment, July 2001. http://otndnld.oracle.co.jp/deploy/security/pdf/en/seceval_wp.pdf

  6. Oracle Technology Network. Security evaluations. http://www.oracle.com/technology/deploy/security/seceval/index.html

  7. Department of Defense Standards (1985) Trusted computer system evaluation criteria. http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Tennessee, Chattanooga, TN, USA

    Joseph Migga Kizza

Authors
  1. Joseph Migga Kizza
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer-Verlag London

About this chapter

Cite this chapter

Kizza, J.M. (2015). Standardization and Security Criteria: Security Evaluation of Computer Products. In: Guide to Computer Network Security. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-6654-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-6654-2_16

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-6653-5

  • Online ISBN: 978-1-4471-6654-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation