Systems Security Certified Practitioner – SSCP – Question0266

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

A.
integrity and confidentiality.
B. confidentiality and availability.
C. integrity and availability.
D. none of the above.

Correct Answer: C

Explanation:

TCSEC focused on confidentiality while ITSEC added integrity and availability as security goals.
The following answers are incorrect:
integrity and confidentiality. Is incorrect because TCSEC addressed confidentiality.
confidentiality and availability. Is incorrect because TCSEC addressed confidentiality.
none of the above. Is incorrect because ITSEC added integrity and availability as security goals.