Information security and assurance
Security breaches often occur due to a mixture of defective communication protocols, lack of awareness of security procedures or recklessness, defective software designs, improper procedures, bad configurations of systems, and so forth (Pedro & Ashutosh, 2010). Organizations, such as the Trusted Computer System Evaluation Criteria (TCSEC), Information Technology Security Evaluation Criteria (ITSEC), Systems Security Engineering Capability Maturity Model (SSE-CMM), and the Common Criteria have, therefore, formulated a series of standards, or models, and metrics that are intended to tighten security. The purpose of these metrics is to find ways of assessing security lapses and tightening them. Their result has been improved outcome in data safety and security.