What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
A. Blue Book
B. ISO 26029
C. Common Criteria
D. The Wassenaar Agreement
ISO 27001 is security management; ISO 26029 is bogus.
Common Criteria makes the most sense as a baseline; however, it's not all that useful in practice. The cost of testing is so expensive that vendors seldom test or certify their latest patches and releases. In that respect, Common Criteria requirements could make an organization less secure.
Whereas, the Wassenaar Arrangement (WA) has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms…thus preventing destabilising accumulations. The aim is also to prevent the acquisition of these items by terrorists. Does it work? Does it f…