The cornerstone of information assurance by ProQuest


Product Section

GFI: Easy-to-use tool for detailed scanning
RedSeal: Provides analysis of rules
Novell: Offers solid client server patching

How we test and score the products

Our testing team includes SC Magazine Labs staff, as well as external experts who are respected industry-wide. In our Group Tests, we look at several products around a common theme based on a predetermined set of SC Labs standards (Performance, Ease of use, Features, Documentation, Support, and Value for money). There are roughly 50 individual criteria in the general test process. These criteria were developed by the lab in cooperation with the Center for Regional and National Security at Eastern Michigan University.

We developed the second set of standards specifically for the group under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Group Test reviews focus on operational characteristics and are considered at evaluation assurance level (EAL) 1 (functionally tested) or, in some cases, EAL 2 (structurally tested) in Common Criteria-speak.

Our final conclusions and ratings are subject to the judgment and interpretation of the tester and are validated by the technology editor.

The cornerstone of information assurance

This month we are looking at an important piece of the information assurance puzzle. Vulnerability management is an emerging product area and, for the most part, it still is fragmented. This year we will stick with the two major fragments – vulnerability assessment and patch management – but I foresee next year looking at the genre as a coherent vulnerability management whole.

The issues that are driving yet another convergence in our marketplace this time are cost and integration of functionality. That should be no surprise given that the discovery of vulnerabilities often suggests the need for some patching. In fact, several of the products