Jan 31, 2019

Feasibility Study Workshop for IT Security Evaluation (CC, ISO/IEC 15408) and Certification

The Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) is one of the most popular and market-recognized (including the Asian, EU, Middle East and US markets) IT security assurance certifications for your ICT product.

Workshop Introduction

To participate in this workshop, the following preliminary knowledge and skills are expected:

  • Knowledge and skills of ICT security product development.
  • Knowledge of the following requirements:
    • Common Criteria for Information Technology Security Evaluation (CC), V3.1, Part 1: Introduction and general model, Revision 5, April 2017.
    • Common Criteria for Information Technology Security Evaluation (CC), V3.1, Part 2: Security functional components, Revision 5, April 2017.
    • Common Criteria for Information Technology Security Evaluation (CC), V3.1, Part 3: Security assurance components, Revision 5, April 2017.
    • Common Methodology for Information Technology Security Evaluation (CEM), V3.1, Revision 5, April 2017.
    • Scheme relevant guidance, application notes and interpretations (AIS/JIL).
    • Applicable Protection Profiles (PPs) (if any).
  • ISO/IEC 27001: Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.

Who should attend?

  • The ICT product developer, i.e. R&D engineer, product manager 
  • Product manufacturer, i.e. site security manager, facility manager
  • CNII (critical national information infrastructure) client, i.e. sponsors, customer, user
  • Sales and marketing manager
  • Technical compliance officer 

Objectives

  • Understand the IT security evaluation criteria, supporting documents and scheme.
  • Understand the information security technologies used for development. 
  • Understand the development and manufacture site security requirements. 
  • Prepare and define the preliminary TOE (Target of Evaluation) and project scope (if applicable).

Benefits

  • Improve the overall understanding of IT security evaluation requirements and scheme
  • Supported by the field experts to identify the feasible TOE and project scope for evaluation and certification, saving time and money
  • Supported by the field experts to identify the potential gaps between existing information security technology and evaluation/certification requirements (if applicable)

Workshop outline 

Day 1, Overview to the Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) and the TOE scope

  • Introduction to the Common Criteria for IT Security Evaluation/Certification process
  • Introduction to PP (Protection Profile), ST (Security Target) and EAL (Evaluation Assurance Level)
  • Introduction to the IT security technologies and/or product (performed by the client)
    • Functionality and use case
    • Security features 
    • Tools and techniques 
    • Cryptography
  • Discussion on the preliminary TOE (Target of Evaluation) scope

Day 2, Preliminary assessment on TOE developer documents (supported by the client) 

  • Assessment of TOE design documents (including but not limited to security functionality, security architecture, design and implementation)
  • Assessment of TOE security operation and administration documents
  • Assessment of TOE configuration management, change management and release management processes and tools
  • Assessment of TOE secure lifecycle management and delivery process
  • Assessment of TOE testing process and tools (including but not limited to security functionality, analysis of testing coverage and/or depth)
  • Assessment of TOE security technology vulnerability assessment

Day 3, Preliminary assessment on TOE developer and/or manufacturer site security (supported by the client) 

  • Assessment of TOE lifecycle security management process 
  • Assessment of TOE development and/or manufacture security management processes, including but not limited to:
    • Information asset management 
    • Personnel security 
    • Physical and environmental security 
    • Communication and operational security
    • Access control
    • Information security incident management 
    • Contingency management 
    • Legal and technical compliance 
  • Summary and presentation of the findings

What's included? 

  • Workshop material and presentation
  • An IT security evaluation and certification project proposal or feasibility assessment report (with possible evaluation and/or certification solution) will be delivered within 4 weeks after the workshop.

Organizational information

  • Supported by the client: The developers shall prepare and provide the following evidence 2 weeks BEFORE the workshop:
    • Technical contents of the TOE 
    • Development site security documents
    • Manufacture site security documents
  • This is an "in-house" workshop, not public. 
  • The maximum number of delegates for this workshop is 20.
  • This course is facilitated by the www.TKSG.global online learning management system (LMS). The participants should be able to use their own PC, laptop, notebook or suitable mobile device to access the LMS.

Additional Info

Venue: Asia, EU, Middle-East and USA
Time: 3 days
Daily time: 09:00 ~ 17:00
Facilitator: Authorized technical experts

Related items

Internet of Things (IoT) Secure Communication Module - Developer Training Course

The IoT secure communication module Protection Profile (PP) developed is being evaluated and certified by the German national cybersecurity authority (BSI)* according to ISO/IEC 15408; it will be the 1st internationally recognized security specification/requirements for your IoT product.

*Note: The PP evaluation and certification process is expected to be completed by Q3 2019.

Jan 31, 2019
IT Security (CC, ISO/IEC 15408) and Evaluation Assurance Level (EAL)

Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) is an internationally recognized IT and product security evaluation and certification (EAL, evaluation assurance level) scheme.

Jan 31, 2019