Commercial products that offer public key infrastructure (PKI) and access controls such as biometrics should be thoroughly tested before being implemented in a production environment.
The Common Criteria for Information Technology Security Evaluation (ISO 15408) was developed to enable independent parties to evaluate security products and systems consistently based on standards.
Answer the following question(s):
Assume your organization wants to implement a retina scanning system. An independent evaluation is available based on Common Criteria. Would you base your purchasing decision on the evaluation alone or in concert with an in-house proof of concept (PoC)? Why?
Fully address the questions in this discussion; provide valid rationale or a citation for your choices; and respond to at least two other students’ views.
Initial post should be at least 350 words in length. Each reply post should be at least 150 words in length.

2. Assume you are a security professional. You are determining which of the following backup strategies will provide the best protection against data loss, whether from disk failure or natural disaster:
   • Daily full server backups with hourly incremental backups
   • Redundant array of independent disks (RAID) with periodic full backups
   • Replicated databases and folders on high-availability alternate servers
   Answer the following question(s):
3. Which backup strategy would you adopt? Why?
   Fully address the question(s) in this discussion; provide valid rationale for your choices, where applicable; and respond to at least two other students’ views.