Question 1
· What are the values of doing formal evaluation?
· What do you see as the drawbacks of evaluation?
If possible and applicable frame your answer around a situation relevant to your current work. If not frame your answer around a hypothetical situation or a situation which you have previously experienced in a past work environment.
Note:- If you do use a work example make sure that it is unencumbered (meaning you are free to discuss it). Be sure not to divulge any propriety or confidential information. If you are unsure do not post the example and answer the question using a hypothetical situation instead.
Question 2
The Common Criteria, CC, Web site is located at:
http://www.commoncriteriaportal.org/index.html
· Go to the above web site and explore for yourself its contents.
· Go to the certified products area and find hardware (or software or a bundled hardware and software product) which you are interested in or have firsthand knowledge about. For example, you might try to find the product Citrix Systems Inc. You may instead decide to lookup a Microsoft or Apple product, for example an operating system such as Windows 10 or IBM’s AIX operating system.
· In the Session 3 Conference state what you found regarding your chosen product. What is the level at which it passed? Who was the evaluator? List three security requirements of your products. List three assurance requirements for the product.
Feel free to assume your role is to evaluate responses to your firms hypothetical Request For Proposals (RFP), for the acquisition or purchase of hardware and/or software or that your role is that of a member of a site Audit Team which is charged with determining compliance with the Common Criteria for your firms existing Information Communication Technology, ICT, hardware and software resources. Your role can even be that of a private individual who is interested in purchasing a hardware and software configuration and desires to evaluate it prior to buying.
Question 3
Research Paper Instructions
Information Assurance Project
Topic Selection and Research Paper Requirements
Prior to writing your paper, and if you would like feedback, you may submit a short topic proposal not to exceed one (1) page in the form of a paper abstract.
Proposal topic
·
Secure Software, Ethics, Law & Governance analyzed in the Information Assurance domain.
The topic proposal can be a short paragraph or a full page abstract stating what research question will be answered (or what problem will be solved) by the analysis your paper proposes to perform. In other words your topic proposal should define the focus of the paper by stating a question or describing a problem to be
analyzed in the Information Assurance domain. It should also explain what types of resources and references will be used to perform the analysis to answer this question or solve the stated problem. An adequate literature search will include at least five (8) reputable scholarly sources.
You are required to research a specific issue in your chosen topic area concentrating on analyzing the issue and evaluating the available solutions to the issue. The paper needs to discuss the corresponding benefits and limitations of these solutions and then provide recommendations.