ABSTRACT
The effective use of Information Technology (IT) is essential for increasing business prosperity; dependence on IT is increasing, as is the diversity of usage within all sectors of commerce and industry. The Information Technology Security Evaluation Criteria is applicable to both systems and products, and to all market sectors, including government, industry and commerce. Security in this context is considered to encompass: confidentiality — prevention of the unauthorised disclosure of information; integrity — prevention of the unauthorised modification of information; and availability — prevention of the unauthorised withholding of information or resources. In IT security, assurance is a measure of the confidence that the security of a system does in practice enforce a previously defined security policy. Security accreditation of a system can be very wide ranging, going beyond consideration of technical security features within an IT system and, in principle, can cover the security of the whole system, its environment and its modes of use.
