Thursday, January 17, 2019
DITSCAP/ Orange Book Essay
The difference between the Orange Book and the DITSCAP is that the Orange Book depends on the knowledge that comes from the computer software within the computer information systems for them to perform their tasks and to achieve their intended objectives (Lee, 1999). On the other hand, DITSCAP gives a basis for assessing the security of the information systems that are within the organizations, business firms, individuals and other private firms that give support to the firm.

However, DITSCAP is lessened in its efficiency due to the lack of a combined certification and accreditation framework tool. When used alone, DITSCAP can be a very tedious process for the user, as it has numerous cross-checks of the policies and the requirements. The complex and multiple information that exists between these diverse types of information hinders a person's ability to plan, generate and assemble, and to give protection to the systems (Lee, 1999).

In other words, DITSCAP gives the process that is to be used, the activities that are going to be undertaken, a description of those activities, as well as the type and method of the management structure that is going to be followed during the certification and accreditation of the information technology systems that help to give the necessary security to the computers. This process aims at ensuring that the security process that is used gives the best security to the computers throughout the lifecycle.

The certification levels of the DITSCAP comprise four phases. The first phase involves the definition of the process. This involves understanding the organization, the environment in which the organization operates, and the architecture of the organization, which helps to identify the type of security that is required and the efforts that the organization is making in order to achieve the accreditation (Lee, 1999).

The second phase, the verification phase, involves an analysis of how the security systems have evolved or have been modified for them to comply with the System Security Authority Agreement (SSAA). The organization uses the SSAA to come up with a modified and binding agreement before there is any system development or before making any change to the system. After the system accreditation, the SSAA becomes the basis for the security configuration document.

The third phase, the validation phase, ensures that there is a fully integrated information system, as was earlier agreed in the SSAA.

The fourth phase, the post-accreditation phase, gives the activities that are necessary for the accredited information system to continue working in its computing environment and to meet the challenges that the system may face over its entire life cycle (Lee, 1999).

The certification levels relate to the gradations defined within the Orange Book in that the certification and accreditation processes are coordinated and give feedback to the earlier phases when it is necessary (Wong and Yeung, 2009). Each of these phases has activities that are required to be undertaken. In addition, each activity has a series of tasks that need to be undertaken depending on the requirements. Each of these tasks has inputs, which represent the type of information needed to complete the task, as well as outputs, which are the product of the task or information that may in addition serve as an input to other subsequent tasks. The certification and accreditation process has to be expanded in order to give more information about each of the stages and to ensure that the staff understand their role in the certification team.

The value of the Minimal Checklist contained in appendix 2 of the DITSCAP applications manual is that it establishes criteria to be used for certification and accreditation by giving a guide on the required efforts and other factors that are related to this system. Assurance is referred to as the confidence which the features of security, and the characteristics and functions of these features, give to enforce the security policy. The confidence can be established for the business, the components and the systems of the security. Therefore, certification leads to the assurance of a certain system in relation to its environment, whereas accreditation shows whether the impacts linked with the system are weak, tolerable, or cannot be accepted at all (Wong and Yeung, 2009).

References

Lee, S. E. (1999). Essays about Computer Security. Cambridge.

Wong, A. and Yeung, A. (2009). Network Infrastructure Security. Springer.