
ITSEC (Information Technology Security Evaluation Criteria)

CISSP

  • Target of Evaluation (TOE): In ITSEC, any system undergoing evaluation is referred to as a Target of Evaluation (TOE). The TOE is the specific part of the system being assessed for security effectiveness.
  • No Reliance on TCB: Unlike some other evaluation frameworks, ITSEC does not depend on the concept of a Trusted Computing Base (TCB), and it does not require the system’s security components to be isolated within one.
  • Maintenance of TOE: ITSEC includes provisions for maintaining the security assurance of a TOE after changes occur. This means that the system does not necessarily require a new formal evaluation every time a change is made, as long as the changes are covered under the criteria.

These aspects of ITSEC provide flexibility in how systems are evaluated and maintained, making it a useful framework for ongoing security assurance in dynamic environments. Understanding ITSEC is important for evaluating and ensuring the security of IT systems, particularly in contexts where changes are frequent.
