security evaluation


security evaluation The examination of a system to determine its degree of compliance with a stated security model, security standard, or specification. The evaluation may be conducted (a) by analyzing the detailed design, especially of the software, often using verification and validation, (b) by observing the functional behavior of the system, or (c) by attempting to penetrate the system using techniques available to an “attacker”.

The US National Computer Security Center has published Department of Defense Trusted Computer System Evaluation Criteria, generally known as the “Orange Book”. This has commonly been used to evaluate commercially available systems. More recently, Information Technology Security Evaluation Criteria (ITSEC) has been published by the European Union.
