alarm system coupled with bars on all openings. Thus,
we see that security is not an absolute. This observation applies to computer
systems as well, and it is the basis of the Common Criteria. What the Common Criteria
seeks to accomplish, much like ISO 9000, is to provide a means of asserting
which level of security is needed, and then to make sure that the proper
processes are followed to achieve it. This allows the establishment of trust
in the assertion that security is present where we need, and thus want, it.
Certification provides this trust by making sure that what is promised is
actually done.
We’ve alluded to the derivation of trust from an understanding of causality. If,
however, one is not intimately conversant with the intricacies of a specific
causal relationship, whether in construction or in process, then how can one
derive trust from it? A variation on the theme of standards provides a useful
approach: the establishment of certification organizations. Such bodies are
common in the area of computer system quality and security. Certification
organizations typically allow the establishment of a level of trust, using much
the same definition of trust that we have discussed previously. Remember that
our working definition of trust is an expectation (of an outcome) held with some
degree of assurance. A certification standard is aimed at quantifying that degree
of assurance.
Certification organizations are independent companies or government agencies
whose function is to gather information regarding the processes addressed by the
quality and security practices under certification. Typically, after studying the
information provided, the certification company or agency performs an audit
based on a comprehensive questionnaire accompanied by scheduled and random
interviews. Almost invariably, the auditors find deviations in the execution of
the processes as defined, and their job is to classify those deviations,
essentially as minor or major exceptions. Typically, minor exceptions may be
pardoned until the next audit, but major exceptions must be fixed before the
certificate is issued.
The whole concept of certification is thus grounded in the conveyance of trust
through a third party, one in which the various parties involved already place a
known level of trust. The manner in which trust is established within this third
party is actually a topic of the next chapter; it involves trust derived from a
well-known process. So, for the moment we’ll simply assume the existence of a
defined level of trust, and in the next chapter we’ll consider how it is
established. As we’ve seen, compliance standards and their associated
certifications are generally about processes. They are often not actually about
the content being investigated. A set level of trust is placed in the processes,
which provides an understood guarantee that, whatever the intent of the authors
of an artifact was, they implemented the artifact in a way that is traceable in
quality, putting in place security measures that are precisely defined. What this
does not do is measure the adequacy of the artifact to the task it is expected
to perform; this is a matter of content, to which we now turn.
Let’s come back to our house example, where we decide that our doors and windows
shall always be closed while we are away. If we document that fact by following
quality and security standards, and we subsequently obtain certification that we
are indeed following the practices we have defined, then we should be quite sure
that the proper security is in place, shouldn’t we? Actually, the only thing we
can trust so far is that the security mechanisms we have put in place are indeed
being carried out. For example, if our process is that before leaving the house
we walk through it to make sure that all openings are closed, and that we do this
without exception each time we prepare to leave, then at best our certification
company can measure our conformance to this process. When our process is
checked, we can have some level of confidence that the security we’re seeking is
in place. Of course, what
happens