Features
- Cover Type: Paperback with 304 pages
- Published by: Auerbach Publications
- Edition: 1st Edition December 27, 2002
- Written in: English
- ISBN 10 Number: 0849314046
- ISBN 13 Number: 978-0849314049
- Book Dimensions: 10 x 7.1 x 0.6 inches
- Weighs: 1.2 pounds
Product Review
Herrmann knows her stuff. The book lacks nothing in rigor and erudition. Multiple tables and flowcharts, which abound throughout the text, yield insights into the technical aspects of the Common Criteria.
[The book's] richness of detail offers a good reference for security system evaluation.
- Security Management, Nov. 2004
Product Description
Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing/certification labs, the Common Criteria (CC) for IT Security Evaluation is a relatively new international standard. This standard provides a comprehensive methodology for specifying, implementing, and evaluating the security of IT products, systems, and networks. This book explains in detail how and why the CC methodology was developed, describes the CC methodology and how it is used throughout the life of a system, and illustrates how each of the four categories of users should employ the methodology as well as their different roles and responsibilities.
Reader Reviews
Although you can obtain the full and most up-to-date documentation for Common Criteria from NIST's Computer Security Resource Center (see ASIN B0001O48Y4), wading through it and transforming the information into an approach is a daunting task. This book distills the Common Criteria key elements and shows how to employ it to implement a security layer that is based on protection profiles aligned to targets of evaluation. First, a burning question - do you need this book? Or, more specifically, should you use Common Criteria as an approach? If your organization is required to conform to ISO/IEC 15408, or you are a large enterprise with a mature security program, or are planning to employ the Common Criteria as an evaluation approach, then this book will prove to be helpful. What separates this book from the publicly available documentation is the way the authors use practical and realistic examples to step you through the intricacies and complexities of the techniques. They also present the material in a logical sequence that is focused on what is essential, and do so without missing steps or key information. The book provides a background of Common Criteria, and an overview that includes the what's and why's, and how it relates to other standards. They then systematically lead you through how to develop protection profiles, identifying targets of evaluation, developing a security architecture, and performing verification. In addition, this book covers security certification and accreditation, security target evaluation (ASE), vulnerability analysis and penetration testing (AVA), service contracts and other topics germane to Common Criteria that are scattered throughout the official documentation. Bottom line - this book will not replace or supplant the official documentation, but nicely augments it by providing a succinct description of relevant information and key activities, and how to use them in the real world.