The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
TCSEC focused on confidentiality while ITSEC added integrity and availability as security goals.
The following answers are incorrect: integrity and confidentiality.
Is incorrect because TCSEC addressed confidentiality.
confidentiality and availability.
Is incorrect because TCSEC addressed confidentiality.
none of the above.
Is incorrect because ITSEC added integrity and availability as security goals.
The Information Technology Security Evaluation Criteria (ITSEC) is a security standard developed by the UK government in the late 1980s. It is a comprehensive security evaluation scheme that was designed to be used in evaluating the security features and assurance of computer systems. The ITSEC is based on the Common Criteria, which is a similar evaluation scheme developed by an international consortium of governments and industry.
The Orange Book, also known as "Trusted Computer System Evaluation Criteria" (TCSEC), is a security standard developed by the U.S. government in the early 1980s. It is a set of guidelines that were designed to evaluate the security features and assurance of computer systems used by the government.
The Orange Book and the ITSEC are similar in many respects. However, the ITSEC was written to address some issues that the Orange Book did not address. In particular, the ITSEC was designed to address both integrity and availability, while the Orange Book primarily addressed confidentiality.
Confidentiality is the protection of information from unauthorized disclosure. The Orange Book primarily addresses this aspect of security. The ITSEC, on the other hand, was designed to address both integrity and availability, in addition to confidentiality.
Integrity refers to the protection of information from unauthorized modification. This includes ensuring that data is accurate and complete and that it has not been tampered with. Availability refers to the ability of users to access the system and its resources when needed.
In summary, the answer to the question is option C, which is integrity and availability. The ITSEC was written to address both integrity and availability, in addition to confidentiality, while the Orange Book primarily addressed confidentiality.