Delivering effective security assurance services

Our experience in the IT security industry spans the last 15 years, during which time there have been a number of major, diverse developments affecting IT security:
  • The rate of software fixes and patch releases has increased dramatically in an attempt to keep pace with the publication of new vulnerabilities and exploits.
  • The responsibilities of the system administrator have increased to include patch management and vulnerability assessment.
  • The economic pressures to outsource many IT functions to external organisations have led to the need to securely extend the organisation's IT perimeter to the extent of deperimeterisation.
  • IT is now a utility, leading users to buy more services with embedded security rather than buying products.
In response to these developments there has been an increased requirement for independent analysis and testing of technologies used to secure systems and networks. The need for assurance that a solution provides the necessary security has prompted more vendors to submit their solutions for security evaluation. This, coupled with the international presence of the vast majority of vendors, paved the way for the publication of the Common Criteria (ISO/IEC 15408). The Common Criteria provides the first internationally recognised and agreed IT security evaluation criteria and supporting methodology, initially published for use in 1999 and most recently released in 2009.