Threat assesment

Matthew Burgess matthew at linuxfromscratch.org
Mon Jan 5 13:00:30 PST 2004


On Sun, 04 Jan 2004 22:32:01 -0500
Robert Connolly <cendres at videotron.ca> wrote:

> This looks like a pretty good guild.
> http://www.businesscontinuityinternational.com/threat Assesment.htm

If people want a (supposedly) thorough threat analysis/assessment they
could do worse than http://niap.nist.gov/tools/cctool.html.

Admittedly, the Common Criteria (CC) is a largely worthless statement of
the security of a system (at least up to Evaluation Assurance Level
(EAL) 4), but the questions posed by cctool can at least get someone
thinking about the right kind of areas to consider securing.  As an
example MS Windows 2000 reached EAL4
(http://news.com.com/2100-1001-963776.html)!

BTW: The tool is Java based - those without a JRE need not download.

Cheers,

Matt.




More information about the hlfs-dev mailing list