OrangeSec Solutions

 

Definitions

ITSEC

Information Technology Security.
An ITSEC system class is a profile of system characteristics based on how those characteristics, when applied to the system's operation data, affect the community mission outcome. In system classes, information systems are grouped with others of similar missions, operating environments, architectures, and data. Furthermore, systems are grouped by their interaction with other systems, the methods of data access, and the security policies that control the access of specific information categories. The intent is to categorize systems by the amount of risk exposure within the system, e.g., ability to contain risk.

The ITSEC class decision process considers the impact of the IT system on other systems. Subsequently, system user interaction, mission, and data types are taken into account. In order to determine the impact on other systems, the risk of the specific system to other systems must be assessed. This approach (C&A) to ITSEC evaluation, focused on infrastructure, determines the universal risk to other systems, instead of only the risk to specific systems under consideration.

INFOSEC

Information Systems Security.
INFOSEC is the protection of information systems against unauthorized access to or modification of information (whether in storage, processing or in transit) and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

ConOps

Concept of Operations.
A high-level requirements document that provides:

  • purpose of a system
  • business need(s) that a system will satisfy
  • user expectations
  • basic concepts behind a system
  • system's characteristics and behaviours from a user's point of view

C&A

Certification.
A comprehensive evaluation of the technical and non-technical security features of an IT system, and of other safeguards, made in support of the accreditation process in order to establish the extent to which an IT system meets a set of specified security requirements.

Accreditation.
Formal declaration by a designated authority that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards.

 
   
  ® OrangeSec Solutions 2000. All Rights Reserved.

Site last updated 15 October 2001