The Grand Goal: One Evaluation Per Planet


The Grand Goal: One Evaluation Per Planet Roger Allan French Compaq Computer Corporation 10 MAY 2001

Agenda
- Definition of the Grand Goal
- Brief History of IT Security Evaluations
- Needed Parts for the Goal
- Shortfalls and Prospects
- To Sign or Not To Sign the MRA?
- Questions, and maybe Some Answers

The Grand Goal Defined
- Evaluations are Expensive: Too Much Money, Too Many Resources, Too Much Time
- 200 Countries = 200 Evaluations = 200 Versions
- 1 Evaluation / Planet: Evaluate Once, Use Everywhere
- Less Money, Resources, and Time
- More Understanding and Assurance

A Very Brief History of IT Security Evaluations
- National Books: The Orange Book, The Green Book, The Blue and White Book, The CTCPEC
- First International Criteria: ITSEC (and ITSEM)
- The Federal Criteria: US and Canada (but no more)
- The Common Criteria

The Common Criteria
- CCEB (Editorial Board)
- Parts: Overview, Functions, and Assurance
- Scheme: CC -> PP -> Evaluation -> ST -> Product
- User Developed Protection Profiles
- ISO/IEC/JTC1/SC27/WG3 Competition
- CCIB and then CCIMB
- ISO 15408

A Protection Profile
- User Requirement: e-Commerce, e-government, industry, user
- For example: Czech Army Protection Profile
- Statement of Combined Needs
- Agreement
- Procurement Conformance
- Standard/Spec Conformance

Parts of the Grand Goal
- A Common Lexicon
- A Common Criteria
- A Common Evaluation Methodology
- A Common Repository
- Mutual Recognition

Existing Parts of the Grand Goal
- A Common Lexicon: The CC uses dictionaries, ISO glossary, other security references, and its own
- A Common Criteria: ISO 15408
- A Common Evaluation Methodology: CCIMB/CEM (in process)
- A Common Repository: AFNOR/PPR and ISO/PPRP
- Mutual Recognition: MRA (13 countries so far)

Shortfalls and Prospects
- Complex Criteria / 900 page document
- No Method to Update/Fix
- No Common Evaluation Methodology
- Extensive Assurance
- National Differences
- Military Prospective
- Accreditation vs. Evaluation
- and more ...

To Sign or Not To Sign MRA?
- The Mutual Recognition Arrangement: 13 Countries, expect more
- Customer Countries
- If a Country Signs, Recognize/Recognized
- If You Don’t Sign, ... Recognize Anyway
- Before You Sign, ... History of Evaluation

My Conclusions
- The Common Criteria is the only ‘common’ criteria you will see in the next 10 years.
- It’s not ‘common’ enough.
- The Shortfalls Need to be Fixed.
- Fixing the Shortfalls is Worth the Effort.
- The Grand Goal is almost possible.

The International Common Criteria Conference
- ICCC – MAY 2000: 600 Participants out of 1,000+
- 7-page Summary Report Available: In English, In Polish
- 2nd ICCC - 18-19 JULY 2001, Brighton, U.K.

Questions / Answers
- I don’t know.
- I think so.
- I’ll get back to you.
- Yes, definitely
- Probably not.
- No!
- I don’t understand the question.
- That’s a good question, next question.

Roger Allan French
roger.french@compaq.com
(phone) 01 603 884-4348
(fax) 01 603 884-0120
Compaq Computer
ZKO3-2/T55
110 Spit Brook Road
Nashua, NH 03062-2698 U.S.A.