Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our security evaluations of IT products module. Vendors attempt to bring products to the market to meet the demand, and consistent evaluation of products help spenders to accomplish this goal. It is important that third parties verified the security mechanisms, and protection in products, rather than just taking the manufacturers word for the fact that the product will work appropriately.
Purchasers typically like to see third party testing because it provides them with assurance that it was done appropriately and fairly. And consumer reports was an early example of this third party testing. It allows a common metric to understand, and talk about the protection a product will provide. And most individuals are willing to pay more for a four star product versus a three star product.
This grading system is similar to stars on Amazon. Where individuals can rate products, and then consumers can purchase one product over another, based on the reviews that it has received. TCSEC, or the Trusted Computer System Evaluation Criteria, is an obsolete evaluation model that was developed by the NCSC, or the National Computer Security Center, for the United States Department of Defense.
This was known as the Rainbow Series and was published in colored books. Typically on the CISSP exam the orange book is the correct answer for questions. And this book has to do with assurance levels for products. The Information Technology Security Evaluation Criteria or ITSEC, is another obsolete model that was developed in Europe.
As is standard for evaluating the security of information systems. This model looks at functionality and assurance separately because it understands that two systems can provide the same functionality but different assurance levels. An assurance is simply a measurement of the correctness, and a judgment of a systems effectiveness as it relates to its security functionality.
When you're purchasing information security products you should consider acquiring and deploying products that have been evaluated, and tested by independent accredited labs rather than using the manufacturers own testing. You should determine what the degree of independence of the evaluation team is from the developer because you do not want the developer to be the one providing the testing.
The International Standards Organization 15408 Standard uses common criteria as the first truly international product evaluation criteria. This criteria reflects security features, and higher security will increase the completeness and rigor of the testing. Accreditation will be environment and system specific. So evaluation will be universal, and you will have to perform accreditation within your own environment. It is important to balance the benefits versus the risk because one product may be appropriate for one environment, but should not be accredited for use in another environment. For the CISSP exam, you should remember that common criteria is an international standard used to define various levels of testing, and a confirmation of a system's security capabilities.
Assurance and trust are evaluated through independent product testing or software development practices and testing. A TCB or trusted computing base is a trusted system where all protection mechanisms are working to process sensitive data for many different types of users, and maintain the level of protection necessary. It is implemented so that the hardware, firmware, operating system, and software all work together.
And effectively support your security policy. Trusted computing base is something that you will most likely see on the CISSP examination. An assurance is your degree of confidence that the system will act appropriately, and predictably in each and every situation that you place it in. This concludes our security evaluation of IT products module.
Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!