Five Easy Steps to Successful CC Evaluations Wesley H. Higaki International Common Criteria Conference September 2008.


Slide 2: Five Easy Steps
1. Do some research
2. Work with competent consultants and labs
3. Gather internal documentation
4. Allocate time
5. Track business impact

Slide 3: Symantec Background
- Commercial Off-The-Shelf (COTS) product vendor
  - Provide security and availability products
  - Comprised of many small acquisitions
- Experience with CC Consultants
  - Experience with both good and bad ones
  - We've tried doing it without consultants
- Experience with CC Schemes
  - Used US CCTLs
  - As well as UK and Canadian Labs
- CC Certifications
  - 12 successful certifications
  - EAL 2 through 4

Slide 4: Intended Audience
- Vendors going through their first CC evaluation
  - Tips and pitfalls
- Consultants and labs
  - Opportunities to offer additional service

Slide 5: Step 1: Do Some Research
- Clearly define the business case
  - Develop the business justification
- Understand the costs for evaluation
  - Evaluator, consultant visible costs
  - Development team hidden costs
  - Lost opportunity costs
- Understand what is involved in the CC evaluation process
  - Consultant opportunity
- Provide the motivation to engage the technical team
  - Weigh the costs vs. benefits

Slide 6: Step 2: Hire Competent Consultants and Labs
- Do not go it alone!
- Go with experience
  - With CC
  - With product technology type
  - Good track record
- Pre-evaluation assessment
  - Make go/no-go decision after the assessment
- Seek firm, fixed-price contracts
  - Incentives for everyone to do things right

Slide 7: Step 3: Gather Internal Documentation
- Hackers and slackers need not apply
- Have procedures and document them
  - Documentation needs to reflect reality
- Without documentation be prepared to answer a lot of questions about the product and processes

Slide 8: Step 4: Allocate Time
- Development and QA cooperation and time allocation is critical to success
  - Speaking from experience, without it, the project will fail
- This is a reflection of commitment and business justification

Slide 9: Step 5: Track the Business Impact
- Knowing how much business impact certified products have is important to justify future efforts
- Makes justifying the next certification easier

© 2006 Symantec Corporation. All rights reserved.

Thank You! Wes Higaki, Director – Product Certifications + 1 (650)