430W6DQ1JM.docx

    430 W6 JDQ1 JM . 150-200 words

    How can an organization apply the Common Criteria for Information Technology Security Evaluation (CC)? Is there value in applying CC within public companies?

    Reply to responses

    Please read before replying to responses. 100-150 words.

    Response Requirements

    Reminder, each response must be a paragraph which is seven sentences. In addition, I am reminding all students not to lose points moving forward, that the responses for participation need to follow the ABC method. Acknowledge what your classmate has said, build on the content (do not just state, I agree with how you said this, or I like how you said that), and close with a question (an open-ended question). You may send me a message in the private forum with any questions. You must have supporting in-text citations and references to support your discussion posts. Blessings with wisdom and academic growth! Cheers, Professor Ligon. Blessings and prayers.

    A Jacob

    Good evening Professor Ligon and class,

    Common Criteria (CC) is a framework that allows users the ability to define their Security Function Requirements (SFRs) as well as Security Functional Assurance Requirements (SARs) using what is known as Protection Profiles (PPs). What this means is CC “Provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that corresponds with its target use environment” (Jefcoat, 2017). This process is usually done for systems at the Federal Government or critical infrastructure level, but a lot of different organizations use this process to procure new software. The few reasons for this certification are to streamline IT products and protection profiles that have been evaluated by a panel. Also, this helps keep in order IT products so that there are no duplicated profiles. Overall, they look to improve the cost-effectiveness and efficiency of the certification process for these IT products. From what it looks like, public companies would benefit from applying for CC certification if they deal with some type of government-critical infrastructure. This would allow both parties’ systems to talk to each other because of the certification. CC certification means the systems are tested at a higher level and less susceptible to vulnerabilities and the possibility of attacks.

    B Aaron

    Evening,

    The Common Criteria are an international standard for computer security certification. The CC is another framework in which computer system users specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using the protection profiles (PPs) (Jefcoat, 2021). The CC is most commonly used in Federal Government agencies and critical infrastructures, and organizations use it to procure new software solutions to certify the quality of the product that is being delivered. The purpose of CC is to improve the availability of security-enhanced IT products and to ensure that the evaluations are performed using a consistent high standard. It also removes the burden of duplicate IT product evaluations and improves the cost-effectiveness and efficiency of the validation process. The CC is important in that the IT products have been evaluated by a verified vendor-neutral third party to make sure that the product does what the vendor says the product will do. This certification allows for government markets to take advantage of the IT products that are available, and it also keeps the market competitive, and the products will improve because they have to pass the stringent evaluation to make sure the software doesn’t have previously unknown vulnerabilities before it's released and to prevent costly post-release patches (Harkness, 2019). Public companies would benefit from CC because it allows them to be able to work with government agencies, because they are following more stringent rules, per se, that would make the product more valuable because it has been thoroughly tested for vulnerabilities it might have had.

    Will be adding one more response.

    Thanks!
