Outline for December 1, 2005

Reading: Kenneth Olthoff, "Sysadmin Admonishments" (2002).

  1. Assurance
    1. Trustworthy entities
    2. Security assurance
    3. Trusted system
    4. Why assurance is needed
    5. Requirements
    6. Assurance and software life cycle
  2. Life cycle: Waterfall Model
    1. Requirements definition and analysis
    2. System and software design (system design, program design)
    3. Implementation and unit testing
    4. Integration and system testing
    5. Operation and maintenance
  3. Evaluation Criteria
    1. Trusted Computer System Evaluation Criteria (Orange Book)
    2. Common Criteria
    3. Best practices
  4. Example of Best Practices
    1. CIS FreeBSD Benchmark
    2. Environment and assumptions

Here is a PDF version of this document.