تحقیق در مورد اصول حسابداری

لینک پرداخت و دانلود *پایین مطلب*

فرمت فایل:Word (قابل ویرایش و آماده پرینت)

تعداد صفحه5

The market for information security has long been seen as dysfunctional [1].  The remedy proposed in 1990 by [1] was to create a not-for-profit foundation that would establish Generally Accepted System Security Principles along the lines of similar principles for accounting[1].  The proposed “Information Security Foundation” never really got off the ground, though recent years have witnessed continuing efforts to establish “Best Practices” in the government and elsewhere, and several not-for-profit organizations now offer information security training and guidelines.

Going further back, to the late 70’s and early 80’s, U.S. government officials correctly recognized that they would be driven increasingly to base defense information systems on commercial-off-the-shelf computers and software.  These systems clearly lacked the security properties sought, and so those officials tried to influence the market by creating the Trusted Computer Security Evaluation Criteria (TCSEC, the “Orange Book”) and a government-financed scheme to evaluate commercial products submitted voluntarily for review.  The idea was to provide a market incentive for commercial vendors to supply improved security throughout their product lines. The Defense Department could then procure competitively the systems it needed.

This attempt to leverage market forces had some good effects, but failed

[1] Whose enforcement seems also to require renewed attention!