Organizations around the world often assess their IS security mechanisms and practices by using the Trusted Computer System Evaluation Criteria (TCSEC) or Information Technology Security Evaluation Criteria (ITSEC). The two standards are similar, though there are distinctions.
Review the resources included in the textbook.
Consider the following scenario:
You are the security manager for an organization that writes software.
You are reviewing the proposal for a new chat program to be sold for use within an organization. Members of the organization can be physically located anywhere around the world, and your company is promising that all chat communications will be secure.
Submit a 3- to 4-page report that includes the following:
Compare and contrast the TCSEC and the ITSEC standards.
Describe what features and practices should be included in the design and development of the chat program to qualify it for each of the four TCSEC classes.
Specify what your company would have to do to be considered in each of the seven ITSEC classes.
Identify where the two standards overlap for your chat program.
0 comments