Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yesterday’s entertainment

Published byЛеонид Таптыков Modified over 5 years ago

Similar presentations

Presentation on theme: "Yesterday’s entertainment"— Presentation transcript:

1 Yesterday’s entertainment
Decided to remove Denial of Service threats, and related assets, objectives, etc., from the PPs DoS will remain in the P2600 best practices and mitigation techniques Decided to not consider the external network environment as a TOE asset, and to remove threats against that asset Instead, use OSPs as the basis for security objectives related to the TOE doing no harm to external devices Decided to use the proposed Family of PPs approach instead of the proposed Packages approach Decided to use the organization/content of PPs that makes it possible to apply the FPP to any combination of Print, Scan, Copy, and Fax, with or without network, etc.

2 Ideas for roundtable discussion
How to get assurances from schemes (US, JP, others?) that our FPP approach is acceptable Would they certify this kind of FPP and conforming STs? If the FPP was certified by another scheme, would they be comfortable certify conforming STs? How to approach the problem of getting the FPPs evaluated by a CC lab and the P2600.* draft standards approved by the IEEE standards process? Some comments/corrections will be made by different reviewing bodies and will need to be merged into a new draft How to avoid (or negotiate away) conflicting comments? How to minimize the number of iterations

3 Ideas for roundtable discussion(2)
How to reward/acknowledge organizations that fund certification of the FPPs? Funding is voluntary We can have some acknowledgment of organizations in the front matter of IEEE standards that contain each of the four FPPs We could also have some acknowledgment in the front matter of FPPs as they are published for the CC community (with CC front matter instead of IEEE front matter) Strategies for dealing with NIAP CCEVS, IPA, or other schemes

4 Ideas for roundtable discussion(3)
Which SFRs might be used to fulfill the objective that some data on hard disks must be protected from being salvaged from hard disks that are removed from the TOE We already know about FDP_RIP for dereferenced data We assume that encryption would be used, but FCS_ class does not specify what will be encrypted, it only specifies how crypto is handled Even if we assume crypto is used in practice, can we do so without requiring cryptography? Or at least without using FCS_ class?

5 Ideas for roundtable discussion(4)
Which SFRs might be used to fulfill the objective of preventing data from passing through the TOE (in one interface and out another) that hasn’t been mediated by the TSF? We have a special case of fax modems, using ADV_ARC? Others might use FDP_IFC/FDP_IFF How should we handle threats related to installing software? Re-installation or upgrade of the main HCD software Downloading and executing applets

Download ppt "Yesterday’s entertainment"

Similar presentations

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
Security Requirements

Security Requirements
Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
National Information Assurance Partnership Paul Mansfield January 2013

National Information Assurance Partnership Paul Mansfield January 2013
IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Lee Farrell, Nancy Chen, Carmen Aubry, Peter Cybuck.

IEEE- P2600 PP Validation Suggested Process and Update Members: Ron Nevo, Brian Smithson, Alan Sukert, Lee Farrell, Nancy Chen, Carmen Aubry, Peter Cybuck.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
April 2011S B Chetwynd – Research ethics, Information and Consent 1 Research Ethics, Information and Consent Dr Sue Chetwynd Associate Fellow Warwick University.

April 2011S B Chetwynd – Research ethics, Information and Consent 1 Research Ethics, Information and Consent Dr Sue Chetwynd Associate Fellow Warwick University.
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah-19112007- CEM v3.1: Chapter 10 Security Target Evaluation.

1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
1 Terrie Diaz/ James Arnold 27 September 2007 Threats, Policies, and Assumptions in the Common Criteria What is the target of evaluation anyhow?

1 Terrie Diaz/ James Arnold 27 September 2007 Threats, Policies, and Assumptions in the Common Criteria What is the target of evaluation anyhow?
National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.
Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.

Comparison between Family of PPs and PP with Packages Brian Smithson and Ron Nevo.
Assurance Continuity: What and How? Nithya Rachamadugu September 25, 2007.

Assurance Continuity: What and How? Nithya Rachamadugu September 25, 2007.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
To Protect What Matters!! Protection Against Computer Virus Unit portfolio presentation by Saira Imtiaz.

To Protect What Matters!! Protection Against Computer Virus Unit portfolio presentation by Saira Imtiaz.
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Similar presentations

Ads by Google