Business value of the operational system security evaluation for the integrator and the service provider


In the process to which a certain IT system is planned, designed, developed, installed, operated, and maintained, indeed various events and actions occur, and various organizations and a lot of people play the role of these actions. This IT system should be secure to assume that the IT system can be safely used all over the system life cycle. Moreover, it consists on the assumption that it is assured that the IT system keeps it secure. On the other hand, the security of a recent IT system that uses a lot of COTS and complicates itself is a big problem for the integrator and the system operator who related to the IT system. Various approaches to the problem to be solved are tried to achieve the security level, requested for the IT system, without the load.
In this presentation, importance and the meaning of the objective evaluation of the security of IT system are arranged, from the standpoint of actual system integration and system operation assuming various cases on the site. In addition, effectiveness and the advantage of the use of the third party evaluation to evaluate the system security will be shown. Moreover, it proposes a concrete method of using common criteria to evaluate IT system, based on the roles such as the system service providers, the integrators, and the system operators and the tasks. The approach to decrease the problem of prolongment and high cost in system evaluation will be discussed.