Using the Common Criteria for IT Security Evaluation

— —

Debra S. Herrmann (Biological Computing Initiative, North Bethesda, Maryland, USA) Clement Dubois

Using the Common Criteria for IT Security Evaluation

Debra S. Herrmann (Biological Computing Initiative, North Bethesda, Maryland, USA), Clement Dubois

$242

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

Auerbach
27 December 2002

Privacy & data protection; Data encryption

Many organizations and government agencies require the use of Common Criteria certified products and systems and use the Common Criteria methodology in their acquisition process. In fact, in July 2002 the U.S. National Information Assurance Acquisition Policy (NSTISSP #11) mandated the use of CC evaluated IT security products in critical infrastructure systems. This standard provides a comprehensive methodology for specifying, implementing, and evaluating the security of IT products, systems, and networks. Because the Common Criteria (CC) for IT Security Evaluation is a relatively

new international standard, little written material exists which explains this how-to knowledge, and it's not exactly easy to interpret. Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria

testing/certification labs, Using the Common Criteria for IT Security Evaluation explains how and why to use the Common

Criteria during the acquisition, implementation or evaluation of an IT product, system, network, or services contract. The text describes the Common Criteria methodology; the major processes, steps, activities, concepts, terminology, and how the CC methodology is used throughout the life of a system. It illustrates how each category of user should employ the methodology as well as their different roles and responsibilities. This text is an essential resource for

all those involved in critical infrastructure systems, like

those operated by the FAA, the Federal Reserve Bank, DoD, NATO, NASA, and the intelligence agencies. Organized to follow the Common Criteria lifecycle, Using the Common Criteria for IT Security Evaluation provides examples in each chapter to illustrate how the methodology can be applied in three different scenarios: a COTS product, a system or network, and a services contract. The discussion problems at the end of each chapter ensure the text's effectiveness in an educational setting and ensure that those government officials required to comply with Presidential Decision Directive 63 (PDD-63)

will be able to do so with confidence.

By: Debra S. Herrmann (Biological Computing Initiative North Bethesda Maryland USA)
Contributions by: Clement Dubois
Imprint: Auerbach
Country of Publication: United Kingdom
Dimensions: Height: 254mm, Width: 178mm, Spine: 17mm
Weight: 535g
ISBN: 9780849314049
ISBN 10: 0849314046
Pages: 304
Publication Date: 27 December 2002
Audience: Professional and scholarly , Professional and scholarly , Professional & Vocational , Undergraduate , Further / Higher Education
Format: Paperback
Publisher's Status: Active

Introduction. What Are the Common Criteria? Specifying Security Requirements: The Protection Profile. Designing a Security Architecture: The Security Target. Verifying a Security Solution: Security Assurance Activities. Postscript. Glossary of Acronyms and Terms. Additional Resources. Common Criteria Recognition Agreement. Participants. Accredited Common Criteria Evaluation Labs. Accredited Cryptographic Module Testing Laboratories. Glossary of Classes and Families.

Debra S. Herrmann

Reviews for Using the Common Criteria for IT Security Evaluation

Herrmann knows her stuff. The book lacks nothing in rigor and erudition. Multiple tables and flowcharts, which abound throughout the text, yield insights into the technical aspects of the Common Criteria. [The book's] richness of detail offers a good reference for security system evaluation. - Security Management, Nov. 2004