<< 1 >>
Rating: 
Summary: Augments official docs & adds realistic approach
Review: Although you can obtain the full and most up-to-date documentation for Common Criteria from NIST's Computer Security Resource Center (see ASIN B0001O48Y4), wading through it and transforming the information into an approach is a daunting task. This book distills the Common Criteria key elements and shows how to employ it to implement a security layer that is based on protection profiles aligned to targets of evaluation.First, a burning question - do you need this book? Or, more specifically, should you use Common Criteria as an approach? If your organization is required to conform to ISO/IEC 15408, or you are a large enterprise with a mature security program, or are planning to employ the Common Criteria as an evaluation approach then this book will prove to be helpful. What separates this book from the publicly available documentation is the way the authors use practical and realistic examples to step you through the intricacies and complexities of the techniques. They also present the material is a logical sequence that is focused on what is essential, and do so without missing steps or key information. The book provides a background of Common Criteria, and an overview that includes the what's and why's, and how it relates to other standards. They then systematically lead you through how to develop protection profiles, identifying targets of evaluation, developing a security architecture, and performing verification. In addition, this book covers security certification and accreditation, security target evaluation (ASE), vulnerability analysis and penetration testing (AVA), service contracts and other topics germane to Common Criteria that are scattered throughout the official documentation. Bottom line - this book will not replace or supplant the official documentation, but nicely augments it by providing a succinct description of relevant information and key activities, and how to use them in the real world.
<< 1 >>
| 
