Hosting Provided By

RE: [IDS] IDS Common Criteria

From: Foster, Douglas <Douglas.Foster(at)occ.treas.gov>
Date: Fri Jan 17 2003 - 22:21:21 EST

-----Original Message-----
From: Graham, Robert (ISS Atlanta)
To: Randy Taylor; focus-ids@securityfocus.com; ids@mailman.vet.com.au Sent: 1/17/03 1:37 PM
Subject: RE: [IDS] IDS Common Criteria

>From: Randy Taylor [mailto:gnu@charm.net]

>They are the same. It seems you haven't understood either of my previous

>My argument is essentially: Common Criteria Evaluation is an example of

So if A is B, and A is C, B is C???? I don't think so. That thinking isn't even close. Especially since a good over-arching security process is not A, not B and not C, but D. This is the crux of the problem. There is one general security process with many sub-processes. The CC is but one sub-process. It is a good sub-process for some situations. The fact that it is not workable for all situations does not mean the over-arching security process is bad. It only means the CC is not universally practical.

>A small amount of process is worth the cost. However, many have jumped

There are many poor processes in the world. There are also many good processes. It sounds to me like you are not distinguishing between the two. Received on Mon Jan 20 19:02:15 2003

This message: [ Message body ]
Next message: Robert_Huber(at)bankone.com: "RE: how to verify whether an attack attempt is successful?"
Previous message: Maher Odeh: "RE: how to verify whether an attack attempt is successful?"
Maybe in reply to: Greg van der Gaast: "RE: [IDS] IDS Common Criteria"
In reply to Graham, Robert (ISS Atlanta): "RE: [IDS] IDS Common Criteria"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:05 EDT

Do you need help?