Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products

These guidelines provide advice to agencies for sensitive (i.e., non-national security) unclassified systems. This advice regarding sensitive unclassified systems complements the guidance recently issued for the national security community for the use and acquisition of “information assurance” products. In January 2000, … Continue reading

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

The need for random and pseudorandom numbers arises in many cryptographic applications. For example, common cryptosystems employ keys that must be generated in a random fashion. Many cryptographic protocols also require random or pseudorandom inputs at various points, e.g., for … Continue reading

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else Does

The Private Branch Exchange (PBX) is an essential element that supports the critical infrastructure of an organization. A PBX is a sophisticated computer-based switch that can be thought of as essentially a small, in-house phone company for the organization that operates … Continue reading

Information Technology Security Evaluation Criteria (ITSEC)

In the course of only four decades, Information Technology (IT) has come to play an important, and often vital, role in almost all sectors of organised societies. As a consequence, security has become an essential aspect of Information Technology. An … Continue reading

Information Technology Security Evaluation Manual (ITSEM)

In May 1990 France, Germany, the Netherlands and the United Kingdom published the Information Technology Security Evaluation Criteria [ITSEC] based on existing national work in their respective countries. After widespread international review the ITSEC has been developed in two further … Continue reading

Security Considerations with Electronic Commerce

Information security is one of the most important acceptance factors in the further development of new media and services such as electronic commerce or “ecommerce”. Given the expected expansion of electronic payment transactions and ecommerce and the investment which this … Continue reading

The Need For Security Controls To Protect Information And Information Systems

The selection and implementation of appropriate security controls for an information system or a system-of-systems are important tasks that can have major implications on the operations and assets of an organization as well as the welfare of individuals and the … Continue reading
