|
To assess the security of an overall system, it is usually not sufficient to rely on the positive results which individual components obtain in product evaluations. This is particularly true for environments where such certified products are connected together to build up large and complex systems.
Existing individual product certificates do not necessarily provide a picture of overall system security.
|
Examples of such complex systems include typical eBusiness applications which an operator provides for his clients (B2B and/or B2C). In this context, the operator`s immediate concern should be to identify all security risks objectively and to minimize them as appropriate.
This security status implemented in this process should be tested by an independent third part and confirmed to all users (consumer and business clients) by the award of an appropriate certificate.
|
