
IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA






Presentation Transcript


  1. IT SECURITY EVALUATION ACCORDING TO HARMONIZED AND APPROVED CRITERIA
  Roland Mueller, TÜViT, Inc., 8716 North Mopac, Austin, TX 78731
  phone: (512) 795-0494, email: roland@tuvit.net, URL: http:\\www.tuvit.net

  2. Presentation Plan
  • History of Harmonization
  • Evaluations within QM Scheme
  • Characteristics of an Evaluation Process
  • Main Goal of an Evaluation
  • Types of Evaluations
  • Scaled Security
  • Basic Approach
  • Evaluated IT Components / Systems

  3. HISTORY OF HARMONIZATION
  • Orange Book (TCSEC) 1985
  • German Criteria 1989
  • French Criteria 1989
  • UK Confidence Levels 1989
  • ITSEC 1991
  • Canadian Criteria (CTCPEC) 1993
  • Federal Criteria Draft 1993
  • Common Criteria 1998 / ISO/IEC 15408

  4. EVALUATIONS WITHIN THE QM-SCHEME
  • Accreditation Body (EN 45002/3)
  • Evaluation Body (EN 45001)
  • Certification Body (EN 45011)
  • Manufacturer / Product (ISO 9001)
  • TGA Certificate

  5. CHARACTERISTICS OF AN EVALUATION PROCESS
  • Impartiality
  • Objectivity
  • Repeatability
  • Reproducibility

  6. MAIN GOAL OF AN EVALUATION
  CONFIDENCE in implemented Security Measures

  7. TYPES OF EVALUATIONS
  • collaterally (during development)
  • afterwards
  • Re-Evaluation

  8. SCALED SECURITY
  • Security Functionality: technical security measures designed with a specific security purpose
  • Assurance Level: confidence in the correctness of the security functionality
  • Effectiveness Level: confidence in the robustness of the security functionality

  9. SECURITY FUNCTIONALITY (I): DEFINITION
  • Integrity
  • Confidentiality
  • Availability

  10. SECURITY FUNCTIONALITY (II): PRESENTATION
  ITSEC: Generic Headings (I&A, Access Control, Accountability, ...)
  CC: Functional Requirements (Part II): modular, hierarchical, dependencies
  or: manufacturer requirements

  11. ASSURANCE LEVEL
  ITSEC   CC      Description
  E6      EAL7    formally verified design and tested
  E5      EAL6    semi-formally verified design and tested
  E4      EAL5    semi-formally designed and tested
  E3      EAL4    methodically designed, tested and reviewed
  E2      EAL3    methodically tested and checked
  E1      EAL2    structurally tested
  -       EAL1    functionally tested

  12. EFFECTIVENESS LEVEL
  • basic: protection against casual breach
  • medium: protection against straightforward or intentional breach
  • high: protection against deliberately planned or organized breach

  13. BASIC APPROACH
  (diagram; elements as shown on the slide)
  • Security Target (Protection Profile)
  • Development Environment: Specification, Design, Implementation
  • Operational Environment: Installation, Start Up, Configuration, Operation
  • Tests, Security Analyses

  14. EVALUATED IT COMPONENTS / SYSTEMS
  • Smart card Operating Systems (E3 - E4, high)
  • PC Security Products (E1, basic - E3, high)
  • Smart card Readers (E1 - E2, basic)
  • Personalization Systems (E2, medium)
  • Security Modules (E3, high)
  • Security Controller (Chip-Hardware) (E4, high)
  • Technical Components According to SigG (E2, high / E4, high)
  • ...
  "TÜViT History"
