© Crown Copyright (2000) Module 2.4 Development Environment.

Slides:



Advertisements
Similar presentations
© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
Advertisements

Supporting further and higher education JISC VRE Programme Quality Planning 12/01/05.
© Crown Copyright (2000) Module 2.3 Functional Testing.
16 August 2010© Crown Copyright (2010)1 Module 2.8 Assurance Continuity and Composition.
© Crown Copyright (2000) Module 3.1 Evaluation Process.
Security Requirements
© Crown Copyright (2000) Module 2.0 Introduction to Module 2.
© Crown Copyright (2000) Module 2.5 Operational Environment.
Module 1 Evaluation Overview © Crown Copyright (2000)
© Crown Copyright (2000) Module 3.2 Evaluation Management.
© Crown Copyright (2000) Module 2.7 Penetration Testing.
© Crown Copyright (2000) Module 2.2 Development Representations.
Software Quality Assurance Plan
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
University of Tulsa - Center for Information Security Common Criteria Dawn Schulte Leigh Anne Winters.
Software Quality Assurance Plan
Enterprise Resource Planning
Auditing Computer-Based Information Systems
IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Open Source Security Myth — And How to Make it A Reality Michael Davis Dynamic Security Concepts, Incorporated Track 3, 1300 Sunday, 1 August 2004.
The Islamic University of Gaza
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Systems Analysis and Design Chapter 12.
Supplement 02CASE Tools1 Supplement 02 - Case Tools And Franchise Colleges By MANSHA NAWAZ.
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Introduction to ISO New and modified requirements.
Introduction to Software Quality Assurance (SQA)
Software Engineering Term Paper
Chapter 2 The process Process, Methods, and Tools
Information Systems Security Computer System Life Cycle Security.
Security Assessments FITSP-A Module 5
Software Quality Assurance Activities
PowerPoint Presentation for Dennis & Haley Wixom, Systems Analysis and Design, 2 nd Edition Copyright 2003 © John Wiley & Sons, Inc. All rights reserved.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
Lecture #9 Project Quality Management Quality Processes- Quality Assurance and Quality Control Ghazala Amin.
Principles of Information Systems, Sixth Edition Systems Design, Implementation, Maintenance, and Review Chapter 13.
CMM Level 2: Repeatable Copyright, 2000 © Jerzy R. Nawrocki Quality Management.
Important informations
Software Development Cycle What is Software? Instructions (computer programs) that when executed provide desired function and performance Data structures.
The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;
Principles of Information Systems, Sixth Edition Systems Design, Implementation, Maintenance, and Review Chapter 13.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.
Chapter 18: Introduction to Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
Verification and Validation Assuring that a software system meets a user's needs.
Project quality management. Introduction Project quality management includes the process required to ensure that the project satisfies the needs for which.
1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.
Principles of Information Systems, Sixth Edition 1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
Audit Evidence Process
TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.
VERIFICATION AND VALIDATION TECHNIQUES. The goals of verification and validation activities are to assess and improve the quality of the work products.
Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.
Information Security tools for records managers Frank Rankin.
Configuration Control (Aliases: change control, change management )
Responsibilities of Test Facility Management, Study Director, Principal Investigator and Study Personnel G. Jacobs Belgian GLP Monitorate Zagreb, 17 December.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
Introduction for the Implementation of Software Configuration Management I thought I knew it all !
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
Project Quality Management
Developing the Overall Audit Plan and Audit Program
Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.
Chapter 18 Maintaining Information Systems
Introduction to the Federal Defense Acquisition Regulation
Quality Management Perfectqaservices.
Software Reviews.
Presentation transcript:

© Crown Copyright (2000) Module 2.4 Development Environment

You Are Here M2.1 Security Requirements M2.2 Development Representations M2.3 Functional Testing M2.4 Development Environment M2.5 Operational Environment M2.6 Vulnerability Analysis M2.7 Penetration Testing M2.8 Assurance Maintenance/Composition MODULE 2 - ASSURANCE

What is the DEA? Scope –TOE development, production and maintenance Contributes to Assurance by –providing confidence in TOE integrity Involves –examination of procedures and standards –site visits

Aspects Covered Configuration Management Development Environment Security Development Tools

Configuration Management Configuration System –prevention of unauthorised changes –acceptance procedures Configuration Items Automation

Development Environment Security Security Measures –Physical –Procedural –Personnel –Logical Integrity of TOE Confidentiality of Design

Development Tools Programming Languages –must be well defined –meaning of all statements unambiguous Selected implementation-dependent options documented –languages –compilers

Site Visits Objective - find out what actually happens Confirm documented procedures and measures followed Examine documentary evidence

ITSEC Requirements AspectE1E2E3E4E5E6 Version controlTOECL DEA visit Acceptance procedures 4444 Automated Tool Support 444 Rebuild TOE 444 Dependencies between CIs 44 Developers Security 4444 Languages & Compilers 4444

CC Requirements AspectEAL1EAL2EAL3EAL4EAL5EAL6EAL7 Version controlTOECL DEA visit Acceptance procedures 4444 Automated Tool Support 4444 Dependencies of CIs 44 Development Security Life-cycle model DEVSTD MES Tools & Techniques 4444

Lifecycle Model - 1 Life-cycle model must ensure adequate control over TOE development and maintenance Covers procedures, tools and techniques Intent is to minimise risk of introduction of security flaws

Lifecycle Model - 2 Examples Waterfall Model V Model Rapid Application Development (RAD)

Flaw Remediation Identify Flaws Documentation Resolution Assurance Maintenance

Evaluation Reporting Examination of documentation –show how & where requirements satisfied Site visits –development staff interviewed –evidence inspected –coverage of aspects

Summary Confidence in the TOE integrity Site visits –preparation the key –records Where does it fit ?

Further Reading ITSEC evaluation UK SP 05 Part III, Chapter 8 CC evaluation CC Part 1, Section CC Part 3, Sections 2.6.1, 2.6.5, 8 and 12 CEM Part 2, Chapters 5-8 (ACM/ALC sections)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.