1 / 22

“Consorzio RES and IT Security Certifications”

“Consorzio RES and IT Security Certifications”. 1/22. Consorzio RES originates in 1997 in response to the ICT market growing needs in the framework of security processing and maintenance of electronic data. the Consorzio RES operates as.

elroy
Download Presentation

“Consorzio RES and IT Security Certifications”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. “Consorzio RES and IT Security Certifications” 1/22

  2. Consorzio RES originates in 1997 in response to the ICT market growing needs in the framework of securityprocessing and maintenance of electronic data the Consorzio RES operates as Evaluation Centre (CE.VA.) qualified by ANS (the Italian National Security Authority) Security Evaluation Laboratory (LVS) qualified by the OCSI(ISTICOM) Global Consultant in the physical, organizational and ICT security 2/22

  3. Consorzio RES is a laboratory qualified to perform Security Evaluation Processes according to the following National Schemes Scheme managed by ANS,the certification bodyfor security Evaluation and Certification of systems and products dealing with classifiedinformation concerning the National Security (DPCM of the 11/04/2002) Scheme managed by OCSI, the certification bodyfor security Evaluation an Certification of commercial systems and products(DPCM of the 30/10/2003) What is an Evaluation Process ? 3/22

  4. in a while with money savings at high assurance level An Evaluation Process is part of a Certification Process and has the purpose to produce a Final Evaluation Report. On the base of this report the Certification Body produces the Certification Report and, eventually,the Certificate So, the target seems to be achieving the Security Certificate …and this target MUST be achieved… 4/22

  5. ? ! … these are Customers usual requests! 5/22

  6. Experience taught us to respect the Customers needs Consequently Consorzio RES has consolidate an operative metodology with certain benefits for the Customers Our approach punctually answers to the main problemsof the ones who are disposed to engage a certification process 6/22

  7. Why certify What certify How much spend … and the presumptionsof our Customers are… 7/22

  8. Why certify 49% 49% 2% It is necessary to sell our product… Our direct competitor has just achieved the security certificate for his product… We have some left-over money in our project… 8/22

  9. Whatcertify 50% 50% All We don’t know… 9/22

  10. How much spend 50% 50% Few money We have this available amount…do what you can! 10/22

  11. Analysis of these needs has driven the Consorzio RES in the development of a working metodology that attends the Customers since before the Evaluation Process start-up Followed approach answers to the Customers needs though respecting all procedures of the reference scheme as well as used security standard for the system/product evaluation Consorzio RES intervention, since the Certification is only an hypothesis, allows the Customers to resolve to their advantage the previous problems 11/22

  12. So that data requiring protection can be managed in a security contextappropriate to real environment Why certify ” Since before the starting of Evaluation Process, Consorzio RES cooperates with the Customers ina clear definition of: Most suitable operating environment Strictly necessary countermeasures Real security needs 12/22

  13. Only the components (HW/SW) that, implementing Security, are effectively contrasting the supposed threats What certify ” One of the major activities of Consorzio RES is to support Customersto clearly mark offthe boundaries of: Operating environment items Target of Evaluation Everything else 13/22

  14. How much spend “ The bare minimum after having correctly answered to the questions: Why certify? What certify? ” 14/22

  15. It is frequent that Security Problem ambiguitiesare transposed in a cautionary extention of the boundaries of Target of Evaluationand its Operating Environment, as well as in the definition of Security Procedures onerous for the workaday users operations Certificationcostincreasing Certificationtimeincreasing Confusion about true Security Objectives HW/SWObsolescence Rules/Standards Modifications 15/22

  16. Evaluation Assistance Phase Certificate Emission Evaluation Starting certification Evaluation Ending Evaluation Preparation Phase Evaluation Phase Consorzio RES Intervention Areas 16/22

  17. Evaluation Assistance Phase certification Evaluation Preparation Phase Evaluation Phase Critical Success Factors (1/2) 17/22

  18. Critical Success Factors (2/2) Evaluation Preparation Phase Evaluation Assistance Phase Paying attention to these Critical Success Factors remarkably reducesthe risk to cumulate considerable delays during a certification process, in behalf of costs and operatives engagements for system/product under certification Identification of Security Aspectsstrictly related to theSecurity Problem Very well written evaluation documents compliant with referential Security Standard 18/22

  19. Turn key solutions Evaluation Preparation Phase Evaluation Assistance Phase Evaluation Phase Consorzio RES is able to offer all these services during a same certification process, having the availability of highly qualified personnelin a sufficient number to guaranteetheindependencyexpected by national scheme 19/22

  20. Every human resource of Consorzio RES is skilled according to the most recent security standard, recognized by an international board: Common Criteria v.3.1 (ISO/IEC 15408) Every human resourceof Consorzio-RES is also qualified, by both certification bodies, for the respective schemes, to hold the Evaluator role during the evaluation process 20/22

  21. theCustomers trust has allowed us to achieveprimacy goals ...all unavoidable results of the care and the skills by which “Consorzio RES” answers to the Customers needs First Italian LVS to obtain required qualification to carry out products/systems or protection profiles evaluation process according to the National Scheme managed by OCSI First Italian LVS to have completed an evaluation process according to the National Scheme managed by OCSI First Italian laboratory to have completed several Common Criteria evaluation processes according to the National Scheme managed by Italian National Security Agency 21/22

  22. Other information on: www.consorzio-res.it Contact: contatto@consorzio-res.it 22/22

More Related