Security Evaluation for Information Assurance

Abstract

In general, threat agents' primary goals may fall into three categories: unauthorized access, unauthorized modification or destruction of important information assets, and denial of authorized access. Security countermeasures are implemented to prevent threat agents from successfully achieving these goals. Because the general systems of today are composed of a number of components such as servers and clients, protocols, services, and so on, the possibility of success of attack may be increased. As though Systems connected to network have become more complex and wide, unfortunately, the researches for the systems are focused on the 'performance' or 'efficiency'. While most of the attention in system security has been focused on encryption technology and protocols for securing the data transaction, it is critical to note that a weakness (or security hole) in any one of the components may comprise whole system. Security engineering is needed for reducing security holes may be included in the Information systems. This paper proposes a method for securing the Information systems by evaluation of security functions of system component. This paper proposes Information system security evaluation and certification for achieving some level of assurance each owners of their Information systems want to get.