CompTIA Security+ Exam Prep

Answer: B - The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries. This was to evaluate two main attributes of a system’s protection mechanisms: functionality and assurance. When the functionality of a system’s protection mechanisms are being evaluated, the services that are provided to the subjects are examined and measured. Protection mechanism functionality can be very diverse in nature because systems are developed differently just to provide different functionality to users. Assurance is the degree of confidence in the protection mechanisms and their effectiveness and capability to perform consistently. Assurance is generally tested by examining development practices, documentation, configuration management, and testing mechanisms.