A merger is where two or more business entities combine to create a new entity or company. An amalgamation is where one business entity acquires one or more business entities.
Why Should You Choose Amalgamation Over Merger?
This amalgamation enables manufacturers, based on the analysis of consumer requests, to determine the set of requirements that the product they develop must satisfy. Manufacturers use the technology proposed by the Unified Criteria to substantiate their claims that the product they supply successfully resists security threats, on the basis that it meets the set functional requirements and their implementation was carried out with a sufficient level of adequacy.
To implement the technology of amalgamation vs merger, the unified criteria offer manufacturers a special mechanism called the protection project, which complements the Protection Profile and allows you to combine the descriptions of the requirements that the developer was guided by, and the specifications of the mechanisms for implementing these requirements.
Functional class catalog of amalgamation:
- Audit.
- Communication (confirmation of reception/transmission of information).
- Cryptographic support.
- Protection of user data (confidentiality, integrity, availability).
- Identification and authentication.
- Security management.
- Privacy (confidentiality of work in the system).
- Reliability of protective equipment.
- Control over the use of resources.
- Control of access to the object of assessment.
- Trusted route/channel.
In addition, amalgamations can use the uniform criteria to define the limits of their responsibility, as well as the conditions that must be met in order to successfully pass the proficiency test and certification of the product they have created. Qualification experts use this document as the main criteria for determining the compliance of IT security products with the requirements for it.
Review of Merger Information Security Standards
The unified merger criteria consider information security as a combination of confidentiality and integrity of information processed by a merger product, as well as the availability of aircraft resources, set the security tools to counter threats that are relevant to the operating environment of this product and implement the security policy adopted in this operating environment.
Mergers govern all stages of development, qualification analysis, and operation of merger products, using a scheme from the Federal criteria. Unified criteria offer a rather complex process of development and qualification analysis of IT products, requiring consumers and manufacturers to draw up and execute very voluminous and detailed regulatory documents.
Merger protection objectives are the basic concept of the unified criteria, expressing the need of consumers of a merger product to withstand a given set of security threats or the need to implement a security policy. A protection project is a special regulatory document, which is a set of protection objectives, functional requirements, adequacy requirements, general specifications of protection means, and their justification.
The merger defines a set of generic requirements that, when combined with the security profiles engine, allow consumers to create private sets of requirements that meet their needs. Developers can use the security profile as a basis for creating their product specifications. The security profile and security specifications constitute the security blueprint, which represents the merger product in the qualification review.
To ensure the protection of information, the following merger methods are used:
- Obstacle. The method is the use of physical force in order to protect information from the criminal actions of intruders by prohibiting access to information carriers and equipment.
- Access control – a method that is based on the use of regulatory resources of an automated system, preventing access to information carriers.
- Disguise – a method of cryptographic closure that protects access to information in an automated system.