Assignment: Information Systems Analysis
Question 1
• What are the values of doing formal evaluation?
• What do you see as the drawbacks of evaluation?
Note:- If you do use a work example make sure that it is unencumbered (meaning you are free to discuss it). Be sure not to divulge any propriety or confidential information. If you are unsure do not post the example and answer the question using a hypothetical situation instead.
Question 2
The Common Criteria, CC, Web site.
• Go to the above web site and explore for yourself its contents.
• Go to the certified products area and find hardware (or software or a bundled hardware and software product) which you are interested in or have firsthand knowledge about. For example, you might try to find the product Citrix Systems Inc. You may instead decide to lookup a Microsoft or Apple product, for example an operating system such as Windows 10 or IBM's AIX operating system.
• In the Session 3 Conference state what you found regarding your chosen product. What is the level at which it passed? Who was the evaluator? List three security requirements of your products. List three assurance requirements for the product.
Feel free to assume your role is to evaluate responses to your firms hypothetical Request For Proposals (RFP), for the acquisition or purchase of hardware and/or software or that your role is that of a member of a site Audit Team which is charged with determining compliance with the Common Criteria for your firms existing Information Communication Technology, ICT, hardware and software resources. Your role can even be that of a private individual who is interested in purchasing a hardware and software configuration and desires to evaluate it prior to buying.
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.