ITSEC

The Information Technology Security Evaluation Criteria (ITSEC) is a European standard for assessing and certifying software and computer systems with respect to data and computer security, in terms of their functionality and reliability. After France, West Germany and Great Britain each published their own criteria in 1989, the three countries and the Netherlands developed the common standard ITSEC. The first version was released in May 1990. A revised version was published by the European Commission in June 1991; its content is very similar to the earlier German standard ITSK and thus provides a more differentiated classification than the American Orange Book (TCSEC). The ITSEC and TCSEC standards were united in 1996 in the international standard Common Criteria.

In Germany, certification according to ITSEC is carried out by, among others, the German Federal Office for Security in Information Technology. Evaluation follows the Information Technology Security Evaluation Methodology (ITSEM).

Functionality classes

In contrast to the U.S. Orange Book, ITSEC (like the earlier ITSK standard) separates the evaluation of functionality from the evaluation of reliability (quality), and trustworthiness is further divided into correctness and effectiveness. This gives three dimensions of evaluation, in which only the first 5 of the 10 functionality classes form a hierarchical order:

There are also functionality classes that relate to the consistency of data and the availability of services:

In addition, there are three classes of functionality that relate to the transmission of data (especially in networks):

Quality classes

In assessing the quality (reliability) of a computer system, a distinction is made between the effectiveness of the method and the correctness of the implementation.

Effectiveness denotes the resistance of a protective mechanism against theft attempts. ITSEC distinguishes three stages, whereas the ITSK made an even finer distinction:

The correctness of the implementation is assessed in 6 steps. In particular, the implementation is tested for bugs and for the extent to which it actually implements the previously evaluated method. In contrast to the BSI policy ITSK, ITSEC does not combine effectiveness and trustworthiness, but treats the values separately.
