Definition: TCSEC (DoD Trusted Computer System Evaluation Criteria, CSC-STD-001-83, DoD: 5200.28-STD) A formal and academic specification of infosec created by the United States Department of Defense in the early 1980s. Point: TCSEC is divided in four parts: A, B, C, and D, where 'A' describes systems with the highest security and 'D' describes untrusted/untrustworthy systems. Each of these is further subdivided into "classes". Microsoft received "C2" certification for Windows NT. This mean the government certified the system as to conforming to class 2 of division C. Contrast: TCSEC is designed around the concept of trusted employees accessing local systems. It was not designed for todays open Internet access. Hackers do not approach security from the TCSEC point of view. TCSEC doesn't deal with types of threats hackers pose. What this means is that the TCSEC approach is irrelevent when trying to defend your e-commerce site against hackers. However, it is extremely useful in protecting internal systems from internal people. Remember that the biggest threat is from your own internal employees, and that most cybercriminals were convicted for having abused trust placed in them.
.................................
Source: Hacking-Lexicon / Linux Dictionary V 0.16
http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
Author: Binh Nguyen linuxfilesystem(at)yahoo(dot)com(dot)au
.................................
