As per the Orange Book, what are two types of system assurance?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
Are the two types of assurance mentioned in the Orange book.
The following answers are incorrect: Operational Assurance and Architectural Assurance.
Is incorrect because Architectural Assurance is not a type of assurance mentioned in the Orange book.
Design Assurance and Implementation Assurance.
Is incorrect because neither are types of assurance mentioned in the Orange book.
Architectural Assurance and Implementation Assurance.
Is incorrect because neither are types of assurance mentioned in the Orange book.
The Orange Book, also known as the Trusted Computer System Evaluation Criteria (TCSEC), is a document that outlines a set of criteria for evaluating the security of computer systems. The Orange Book was published by the United States Department of Defense in 1985 and has since been used as a basis for evaluating the security of computer systems.
According to the Orange Book, there are two types of system assurance: operational assurance and architectural assurance.
Operational Assurance: Operational assurance refers to the measures taken to ensure that the system is operating securely and that the security policies and procedures are being followed. It includes the processes, procedures, and techniques used to protect the system and the data it contains from unauthorized access, modification, or destruction. This type of assurance involves the ongoing monitoring of the system to detect and respond to security breaches, as well as the implementation of security features such as access controls, audit trails, and security testing.
Architectural Assurance: Architectural assurance refers to the measures taken to ensure that the system has been designed and implemented in a secure manner. This includes the design and implementation of security features such as access controls, audit trails, and encryption, as well as the selection of hardware and software components that are known to be secure. This type of assurance involves the evaluation of the system design and implementation to ensure that it meets the security requirements specified in the system's security policy.
In summary, the two types of system assurance according to the Orange Book are operational assurance, which focuses on ongoing monitoring and implementation of security measures, and architectural assurance, which focuses on the design and implementation of security features.