Updates on Korean Scheme, IT Security Certification Center, National Intelligence Service. The 8th ICCC in Rome, Italy.
IT Security Certification Center: Introduction to ITSCC

ITSCC (IT Security Certification Center) is:
- Aiming at enhancing IT security in government organizations by evaluating and certifying the commercial IT security products that government organizations plan to procure
- The certification body of Korea for security certification, responsible for proper operation of the Korean Evaluation and Certification Scheme (KECS)

Our six main roles:
- Issue Common Criteria certificates for IT security products
- Regulate the procurement of products within government
- Plan and develop Protection Profiles for IT security products
- Approve IT security evaluation facilities
- Operate the training and education program for evaluators
- Participate in CC-related international cooperation

Korean Procurement Policy

- Government organizations must procure certified IT security products since 1 Jan
  - To promote the use of Common Criteria in Korea
  - To encourage Korean developers to produce sound security products that meet international standards
- Although this policy certainly contributed to improved confidence in commercial IT security products, we encountered a problem:
  - The number of products applying for CC certificates far exceeded the evaluation capacity we could afford
  - This means products have to wait a long time in the queue before actual evaluation work begins

New Evaluation Facilities (1)

- The most obvious and effective solution was to expand the evaluation capacity of the country
  - There was only one evaluation facility, KISA (Korea Information Security Agency), which had been established by law
- In Dec. 2006, we introduced a new procedure to approve evaluation facilities by amending the Korean Standard Lab. Accreditation Program
- As a result, we have two more evaluation facilities
  - Early this year, KTL (Korea Testing Laboratory) and KOSYAS (Korea System Assurance) applied for approval
  - After being accredited against ISO 17025, KTL and KOSYAS were finally approved as evaluation facilities on 29 June and 9 August, respectively

New Evaluation Facilities (2)

- Established the CC evaluator's license program
  - To produce quality IT security evaluators in order to meet demands from the new evaluation facilities
  - Also, the need for systematic training and education of evaluators arose to ensure the quality of their work
- Three types of evaluator status:

  Type               | Issuing condition                                                                      | Entitled activity
  Trainee Evaluator  | Successful completion of 10-day education and having passed a written exam             | Can participate in CC evaluation under supervision of higher-grade evaluators
  (Formal) Evaluator | Participated in one or more EAL3 evaluations                                           | Can perform evaluation of products up to EAL3
  Senior Evaluator   | Participated in two or more EAL4 evaluations AND worked over 3 years as an evaluator   | Can perform evaluation of products up to EAL4 and become an evaluation team leader

* In addition, from this semester we also teach top-notch graduate students to educate them as CC evaluators with high standards

Domestic Certification

- Introduced a domestic certification scheme to shorten the evaluation time itself
  - Intended to deal with products that have waited, or are expected to wait, in the evaluation queue for quite a long time, say, more than a year
  - Identical to CC except that sampling-based evaluation is used for some components rather than full examination, which can save up to four weeks of evaluation time
- The domestic scheme can only be regarded as a temporary solution because:
  - It still requires the same developer's evidence as CC
  - And there is no significant reduction in evaluation time at the expense of internationally recognized CC certification

* Note: this domestic scheme is outside the scope of the conference

Provision of PPs

- Timely provision of PPs that are much needed by IT security product developers
- We believe that guiding developers to build products correctly can significantly reduce evaluation time, since it reduces the number of potential ORs (observation reports) raised by evaluators
- In view of this, ITSCC develops 4 Protection Profiles a year for products with a large demand from government organizations and a high potential for market growth:
  - Antivirus with a networked admin console
  - WLAN authentication system
  - Anti-spam system
  - Enterprise Security Management (ESM)
  - Web application firewall
  - e-Cover for electronic passport
  - Enterprise digital rights management system
  - USB authentication token
  (some of these PPs are not completed yet)

* PPs can be downloaded (in Korean) from [URL missing from the transcript]

CEMS (1)

- Improve the management process of evaluation and certification by employing an automated document management system called CEMS
- Documents were handled manually because the EF and the CB were located very close to each other and therefore preferred in-person contact
  - However, manual handling of deliverables between the CB and the EF was partly responsible for inevitable delays in evaluation
  - Moreover, the locations of the new EFs are widely separated across the city, so electronic communication becomes necessary
- Therefore, we started to build the CEMS system
  - Supports electronic management of documents
  - And also some essential project management functions, such as real-time monitoring of progress

* CEMS: Certification and Evaluation Management System

CEMS (2)

- CEMS is a web-based client-server system, running on Windows Server with IIS and MS-SQL
- It consists of two subsystems, called CMS and EMS
  - CMS stands for Certification Management System, while EMS stands for Evaluation Management System
  - CMS is only accessible to certifiers inside the CB
  - EMS communicates with the evaluation facilities' own systems through secure communication channels

[Slide diagram labelled CEMS]

CEMS (3)

- Main features of CEMS developed so far:
  - Online document management and storage
  - Real-time monitoring of work progress
  - Management of document templates
  - CEMS user management and audit functions
  - Backup and other system maintenance
- With the help of CEMS, we expect to achieve improved efficiency in evaluation and certification and a reduction in evaluation and certification time
- For anyone interested in CEMS, a demonstration is available at our booth outside

Conclusion