Make the word combinations



1. distributed a) profile
2. fulfill b) comparability
3. make c) disclosure
4. permit d) the requirements
5. loss e) measures
6. security f) claims
7. protection g) of use
8. assurance h) system
9. unauthorized i) function
10. meet j) the needs

Match the term and its definition.

1. Evaluation authority

2. Target of Evaluation

3. Assets

4. Augmentation

5. Protection Profile

a) information or resources to be protected by the countermeasures of a TOE.

b) the addition of one or more assurance components from Part 3 to an EAL or assurance package.

c) a body that implements the CC for a specific community by means of evaluation scheme and thereby sets the standards and monitors the quality of evaluation.

d) an implementation-independent set of security requirements for a category of TOEs that meets specific consumer needs.

e) an IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.

Complete the text by translating Russian phrases given in brackets.

Information held by (1 продукты и системы информационных технологий) is a critical resource that enables organisations to succeed in their mission. Additionally, individuals have a reasonable expectation that their (2 частная информация, содержащая) IT products or systems remains private, be available to them as needed, and not be subject to (3 несанкционированных изменений). IT products or systems (4 должны выполнять свои функции) while exercising proper control of the information to ensure that it (5 защищена от опасности) such as (6 нежелательного или незаконного распространения, изменения или потери). The term IT security is used to cover prevention and mitigation of these and similar hazards.

Many consumers of IT (7 не хватает знаний, компетенции или средств) necessary to judge whether their confidence in the security of their IT products or systems is appropriate, and they (8 могут не захотеть полагаться только на заверения разработчиков).

Consumers may therefore choose to increase their confidence in the security measures of an IT product or system by ordering (9 оценка безопасности).

The CC can be used to select the appropriate IT security measures and it contains criteria for evaluation (10 требований безопасности).

Read the second part of the text. Name the topics which are outside the scope of CC.

Text 2.

Certain topics, because they involve specialised techniques or because they are somewhat peripheral to IT security, are considered to be outside the scope of the CC. Some of these are identified below.

a) The CC does not contain security evaluation criteria pertaining to administrative security measures not related directly to the IT security measures. However, it is recognised that a significant part of the security of a TOE can often be achieved through administrative measures such as organisational, personnel, physical, and procedural controls. Administrative security measures in the operating environment of the TOE are treated as secure usage assumptions where these have an impact on the ability of the IT security measures to counter the identified threats.

b) The evaluation of technical physical aspects of IT security such as electromagnetic emanation control is not specifically covered, although many of the concepts addressed will be applicable to that area. In particular, the CC addresses some aspects of physical protection of the TOE.

c) The CC addresses neither the evaluation methodology nor the administrative and legal framework under which the criteria may be applied by evaluation authorities. However, it is expected that the CC will be used for evaluation purposes in the context of such a framework and such a methodology.

d) The procedures for use of evaluation results in product or system accreditation are outside the scope of the CC. Product or system accreditation is the administrative process whereby authority is granted for the operation of an IT product or system in its full operational environment.

Evaluation focuses on the IT security parts of the product or system and those parts of the operational environment that may directly affect the secure use of IT elements. The results of the evaluation process are consequently a valuable input to the accreditation process. However, as other techniques are more appropriate for the assessments of non-IT related product or system security properties and their relationship to the IT security parts, accreditors should make separate provision for those aspects.

e) The subject of criteria for the assessment of the inherent qualities of cryptographic algorithms is not covered in the CC. Should independent assessment of mathematical properties of cryptography embedded in a TOE be required, the evaluation scheme under which the CC is applied must make provision for such assessments.

 



