Organizations around the world often assess their IS security mechanisms and practices by using the Trusted Computer System Evaluation Criteria (TCSEC) or Information Technology Security Evaluation Criteria (ITSEC). The two standards are similar, though there are distinctions.
Assume that you are the security manager for an organization that writes software. You are reviewing the proposal for a new chat program to be sold for use within an organization. Members of the organization can be physically located anywhere around the world, and your company is promising that all chat communications will be secure.
In a 3- to 4-page report, perform the following:
Compare and contrast the TCSEC and the ITSEC standards.
Determine what features and practices should be included in the design and development of the chat program to qualify it for each of the four TCSEC classes.
Determine what your company would have to do to be considered in each of the seven ITSEC classes.
Identify where the models overlap.