"Having security mechanisms in place does not prevent your system from being vulnerable"
"A number of security incidents have been reported even on highly protected systems"
"Are deployed security mechanisms protecting your assets? Assurance evaluation will give you the response!"
European Council Council of the European Union
Information assurance in the field of communication and information systems is defined as the confidence that such systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users. Effective information assurance must ensure appropriate levels of confidentiality, integrity, availability, non-repudiation and authenticity. (European Council)
Assurance is defined as the degree of confidence that the security needs of a system are satisfied. (US National Institute of Standards and Technology (NIST), NIST Internal Report (NISTIR) 5472 A Head Start on Assurance: Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness, USA, 1994) Assurance does not add any additional controls to counter risks related to security, but it does provide confidence that the controls that have been implemented will reduce the anticipated risk. Assurance can also be viewed as the confidence that the safeguards will function as intended. (ISO, ISO/IEC 21827:2002 Information technology — Systems Security Engineering—Capability Maturity Model® (SSE-CMM®), Switzerland, 2002)
Quality assurance (QA) A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements (ISO/IEC24765)
Security assurance can be defined as the way to gain justifiable confidence that infrastructure and/or applications will consistently demonstrate one or more security properties, and operationally behave as expected despite failures and attacks. Assurance is a much wider notion than security, as it includes methodologies for collecting and validating evidence supporting security properties. (C.A. Ardagna, R. Asal, E. Damiani, Q.H. Vu, "From Security to Assurance in the Cloud: A Survey," in ACM Computing Surveys (CSUR), August, 2015)
The assurance provided by moon-cloud is based on evidence continuously captured on the target system. Evidence are the results of the moon-cloud monitoring and testing activities and can be made available to the moon-cloud user for deep inspection. Moon-cloud assurance guarantees that system requirements in terms of security and performance are continuously meet.