Kai Rannenberg

Learn More
On initiative of the Commission of the European Communities, the Information Technology Security Evaluation Criteria (ITSEC) are designed to provide a yardstick for the evaluation and certification of the security of IT systems. To improve the usefulness of resulting evaluations and certificates for procurers, users, and manufacturers the ITSEC are intended(More)
This paper describes a concept for controlling personal reachability while maintaining a high degree of privacy and data protection. By easy negotiation of their communication requests users can reach others without disturbing the called partners and without compromising their own privacy. Reachability management can strengthen the called subscriber's right(More)
  • Kai Rannenberg
  • Security and Control of Information Technology in…
  • 1993
More and more the security of information technology becomes subject to evaluations by neutral third parties beside manufacturers and procurers. The basis of these evaluations are information technology security evaluation criteria. This contribution reports and analyses the recent development of national and harmonised criteria and the development in the(More)
The rapid growth of communication infrastructures and enterprise software solutions has caused electronic services to penetrate into our everyday life. So it is not far from reality that many personal and trust-sensitive transactions happen online. In this regard, one of the biggest challenges to deal with will be proper user authentication and access(More)
Tailor made security is being enabled by more options for specifying security policies and enhanced possibilities for negotiating security. On the other side these new options raise the complexity of transactions and systems: Users can be overwhelmed, which can lead to less security than before. This paper describes conclusions from a case study and trial(More)
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, like the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the(More)
In the past independent IT security evaluation according to published criteria has not realized its potential for the assessment of privacy enhancing technologies (PETs). Main reason for this was, that PETs were not covered appropriately in the evaluation criteria. This situation has changed somewhat, and therefore this paper reports on a case study, in(More)