Analyzing Development of Information Security Evaluation in Practice

Information security is very complex field of study. Lack of information security is very expensive issue to organizations. It is very usable ability to be able to predict what kind of information security threats there will be in the future. This can save a lot of time, money and work in the organizations when implementing countermeasures. Security models, criteria and formal methods are one suitable way to execute security evaluation. Security evaluator must assure the effectiveness and correctness of countermeasures. Automated security tools provide assistance for security evaluator, and they are useful in security evaluation. Reliable user authentication is important and smart card technology is promising technology for reliable user authentication, thus smart card security is discussed more detail in this research. Inspecting source code and using security tools are suitable methods for security evaluation.