Acrónimos:
ITSEC
Ver:
· TCSEC - Trusted Computer System Evaluation Criteria
http://en.wikipedia.org/wiki/ITSEC
Ha surgido de
la armonización de varios sistemas europeos de criterios de seguridad en TI.
Tiene un enfoque más amplio que TCSEC.
Los criterios
establecidos en ITSEC permiten seleccionar funciones de seguridad arbitrarias
(objetivos de seguridad que el sistema bajo estudio debe cumplir teniendo presentes
las leyes y reglamentaciones).
Se definen
siete niveles de evaluación, denominados E0 a E6, que representan una confianza
para alcanzar la meta u objetivo de seguridad. E0 representa una confianza
inadecuada. E1, el punto de entrada por debajo del cual no cabe la confianza
útil, y E6 el nivel de confianza más elevado. Por ello, los presentes criterios
pueden aplicarse a una gama de posibles sistemas y productos más amplia que los
del TCSEC.
El objetivo
del proceso de evaluación es permitir al evaluador la preparación de un informe
imparcial en el que se indique si el sistema bajo estudio satisface o no su
meta de seguridad al nivel de confianza precisado por el nivel de evaluación
indicado.
http://www.csi.map.es/csi/silice/Segurd21.html
(en) Information
Technology Security Evaluation Criteria (ITSEC)
(N) A Standard
[ITSEC] jointly developed by France, Germany, the Netherlands, and the United
Kingdom for use in the European Union; accommodates a wider range of security
assurance and functionality combinations than the TCSEC. Superseded by the Common
Criteria.
[RFC4949:2007]
Germany, the
Netherlands and the United Kingdom published the Information Technology
Security Evaluation Criteria (ITSEC) based on existing work in their respective
countries. Following extensive international review, Version 1.2 was
subsequently published in June 1991 by the Commission of the European
Communities for operational use within evaluation and certification schemes.
The ITSEC is a
structured set of criteria for evaluating computer security within products and
systems. The product or system being evaluated, called the target of
evaluation, is subjected to a detailed examination of its security features
culminating in comprehensive and informed functional and penetration testing.
The degree of
examination depends upon the level of confidence desired in the target. To
provide different levels of confidence, the ITSEC defines evaluation levels,
denoted E0 through E6. Higher evaluation levels involve more extensive
examination and testing of the target.
Unlike earlier
criteria, notably the TCSEC developed by the US defense establishment, the
ITSEC did not require evaluated targets to contain specific technical features
in order to achieve a particular assurance level. For example, an ITSEC target
might provide authentication or integrity features without providing
confidentiality or availability. A given target's security features were
documented in a Security Target document, whose contents had to be evaluated and
approved before the target itself was evaluated. Each ITSEC evaluation was
based exclusively on verifying the security features identified in the Security
Target.
Since the launch
of the ITSEC in 1990, a number of other European countries have agreed to
recognise the validity of ITSEC evaluations.
The ITSEC has
been largely replaced by Common Criteria, which provides similarly-defined
evaluation levels and implements the target of evaluation concept and the
Security Target document.
http://en.wikipedia.org/wiki/ITSEC
Temas relacionados