Information Security for Global Information Infrastructures

IT security certification and IT security evaluation criteria have changed in character since the first efforts ca. 20 years ago. They have also attracted more interest in civilian and commercial application areas. This paper therefore compares them against earlier criticism and against the new challenges in IT security. After an introduction to the concept of security certification, the established IT security certification schemes and the related criteria are presented. Their weaknesses and problems are then described, in particular with regard to today's security requirements. Improvements to the criteria and the certification systems are presented, and suggestions are made for using current certification and evaluation schemes despite their shortcomings.