Security or certainty that one has about something.
Guaranteed. Offering confidence.
DRAE. Diccionario de la Lengua Española.
Assurance specification for the security functions that must be implemented to achieve one or more security objectives, generally focused on the system's development environment. [EBIOS:2005]
1. Confidence that can be placed in the security provided by the Target of Evaluation (ITSEC)
2. Confidence placed in a system to achieve its Security Objective.
[Ribagorda:1997]
Certainty that a system achieves the security objectives for which it was designed. [CESID:1997]
Something that makes something else certain to happen.
Oxford Advanced Learner's Dictionary.
Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy. [CNSSI_4009:2010]
in the context of this document: Grounds for confidence that a deliverable meets its security objectives [ISO/IEC 15408].
NOTE. This definition is generally accepted within the security community; within ISO the more generally used definition is: Activity resulting in a statement giving confidence that a product, process or service fulfills specified requirements [ISO/IEC Guide 2].
[ISO-21827:2007]
a set of structured assurance claims, supported by evidence and reasoning, that demonstrate clearly how assurance needs have been satisfied. [ISO-21827:2007]
an assertion or supporting assertion that a system meets a security need. Claims address both direct threats (e.g., system data are protected from attacks by outsiders) and indirect threats (e.g., system code has minimal flaws). [ISO-21827:2007]
data on which a judgment or conclusion about an assurance claim may be based. The evidence may consist of observation, test results, analysis results and appraisals. [ISO-21827:2007]
1. (I) An attribute of an information system that provides grounds for having confidence that the system operates such that the system's security policy is enforced. (Compare: trust.)
2. (I) A procedure that ensures a system is developed and operated as intended by the system's security policy.
[RFC4949:2007]
Grounds for confidence that a TOE meets the SFRs.
TOE - Target of Evaluation
SFR - Security Functional Requirement
[CC:2006]
Specification of the assurance provided by security functions to be implemented to contribute to one or more security objectives, and generally concerning the system development environment. [EBIOS:2005]
Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass. [NIST-SP800-27:2004]
A grouping of assurance methods according to the aspect examined. [ISO-15443-1:2005]
Verification and recording of the overall types and amounts of assurance associated with the deliverable (entered into the assurance argument). [ISO-15443-1:2005]
Grounds for confidence that the other four security objectives (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. Adequately met includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass. [NIST-SP800-33:2001]
the confidence that may be held in the security provided by a Target of Evaluation. [ITSEC:1991]
Assurance specification for the security functions to be implemented to help cover one or more security objectives, generally concerning the system's development environment. [EBIOS:2005]