What Is a Protection Profile?

In computing, a protection profile is a type of security measure used as part of a process commonly referred to as Common Criteria. The main function of a protection profile is to ascertain the effectiveness of various types of security protocol, assigning a grade or level to each of those strategies. Using this approach, it is possible to evaluate the competency of the security measures associated with a network as well as the individual systems and components that come together in that network.

One of the main approaches used with a protection profile is to rigorously subject a system, software, or hardware to a series of threats to determine how those components are able to manage the issues and maintain integrity. Going beyond simply determining if the threats are fended off, this approach looks a little deeper and identifies the amount of resources necessary to resist the threats, what level of interference with normal operations were caused while a threat was being deflected, and if there are any long-term effects that compromise at least a portion of those resources. From this perspective the protection profile is not just about making sure a system can effectively deal with threats but also recover from the attempt without any lasting effects.

A wide range of security protocols and strategies can be evaluated using a protection profile approach. This includes firewalls for both personal and business computing systems and networks, issues that may be inherent with the current versions of different types of operating systems, key recovery potential, and even with antiviral software programs. By subjecting these and other elements relevant to the operation of computer networks, it is possible to determine if there are inherent flaws in the latest releases, and enhance the certification process related to different systems as well as identify potential flaws that could otherwise remain undetected until it is too late.

Not everyone is in agreement with the process of using a protection profile strategy. One school of thought holds that the evaluation process itself can be flawed, as the conclusions may be somewhat subjective based on the parameters of the testing. Others hold that while there may be some concern for managing subjectivity in the process, this approach has, in the past, identified potential issues that could have left networks open to malicious attacks and remain one of the more effective ways to helping to keep a system secure and uncompromised.