Assurance is the way to gain justifiable confidence that infrastructure and/or applications will consistently demonstrate one or more non-functional properties.
It is an important concept since…
“HAVING SECURITY MECHANISMS IN PLACE
DOES NOT PREVENT YOUR SYSTEM FROM BEING VULNERABLE”
“A NUMBER OF SECURITY INCIDENTS HAVE BEEN REPORTED
EVEN ON HIGHLY PROTECTED SYSTEMS”
“ARE DEPLOYED SECURITY MECHANISMS PROTECTING YOUR ASSETS?
ASSURANCE EVALUATION WILL GIVE YOU THE RESPONSE!”
As a concept it has beed defined by different bodies as follows:
Information assurance in the field of communication and information systems is defined as the confidence that such systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users. Effective information assurance must ensure appropriate levels of confidentiality, integrity, availability, non-repudiation and authenticity – European Council
Assurance is defined as the degree of confidence that the security needs of a system are satisfied. (US National Institute of Standards and Technology (NIST), NIST Internal Report (NISTIR) 5472 A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, USA, 1994) Assurance does not add any additional controls to counter risks related to security, but it does provide confidence that the controls that have been implemented will reduce the anticipated risk. Assurance can also be viewed as the confidence that the safeguards will function as intended. – ISO, ISO/IEC 21827:2002 Information technology — Systems Security Engineering—Capability Maturity Model® (SSE-CMM®), Switzerland, 2002
Quality assurance (QA) is a planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements. – ISO/IEC24765
The assurance provided by moon cloud is much more that the above traditional assurance.
The Moon Cloud Assurance
The Moon Cloud assurance is inline with the current software certification scheme such as Common Criteria. It is based on evidence continuously captured on the target system. It can be used by Common Criteria Accredited Labs to collect certification artifacts.
The Moon Cloud Assurance evidence are the results of the moon cloud monitoring and testing activities (called controls) and can be made available to the moon cloud user for deep inspection and troubleshooting.
Moon cloud assurance guarantees that system requirements in terms of security and compliance to regulations are continuously meet.
WHAT DO YOU GAIN FORM MOON-CLOUD ASSURANCE?
- BETTER CYBERSECURITY CONTROL AND SYSTEM STABILITY
- DEEP CONTINUOUS CONTROL OF THE SECURITY LANDSCAPE
- STATE OF THE ART AUDIT AND REMEDIATION TOOL
