
Your company plans to purchase a computer system that shall provide trustworthy security functionality. Which of the following is the best standard to be considered? (Wentz QOTD)
A. ISO/IEC 15408
B. TCSEC
C. FIPS 140
D. PCI DSS
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. ISO/IEC 15408
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.