Both administrative and product-related principles are being addressed, individual and organizational privacy rights are being addressed, and, to consolidate all the elements of a rapidly evolving industry, alliances are being established to the International Information Systems Security Certification Consortium (ISC)2, the international Common Criteria effort to develop information technology product-related information security principles, and other organizations having an interest in the security of information and associated principles. In order to effectively consolidate and sustain the value of comprehensive GASSP, the CAR recommendation envisions the creation of an authoritative infrastructure to maintain the GASSP, support their evolution, enforce "compliance", and provide a vehicle for the authoritative approval of reasonably founded exceptions or departures from GASSP. This authoritative infrastructure would be modeled after those that support and sustain the Generally Accepted Accounting Principles (GAAP) and like models of the international accounting profession.
Did you find this white paper useful?
30 out of 50 users found this white paper useful
Related white papers
Introduction to Oracle Identity Management
Oracle Identity Management is an open, extensible, and standards-based infrastructure that can accommodate a wide variety of deployments, partner solutions and customer environments. For example, partner products may leverage Oracle...
Gain a Competitive Advantage by Aligning Your IT Infrastructure with Business Objectives
This paper looks at what IT Security means to your company and how services can assist in the battle against the threats.
Balancing Security Against Productivity
What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Novell Zenworks Endpoint Security Management: Total Control from a Single Console
Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...
Ensuring Data Protection for Growing Business
Small and midsize businesses have become increasingly reliant on IT. In this paper, we look at how SMBs often progress through the IT adoption cycle, and some of the operational...
A Practical Approach to Managing Phishing
Surely only a few individuals, who have been living a life of seclusion on the French Riviera for the last few years, won't know what the crime of "phishing" is....
