business consulting on white b/g for printing - PowerPoint PPT Presentation

Author: Ian Glover (Logica PR)
Last modified by: Frances Hannigan
Created Date: 4/24/1997 10:06:59 AM
Slides: 18

1
security consulting
What about the ITSEC?
2
What about the ITSEC?
  • Where it came from
  • Where it is going
  • How it relates to CC and other criteria
  • Comparison of ITSEC/CC/FIPS140 rationale
  • Mutual Recognition

3
Where it came from
  • UK (mainly government) criteria
  • German criteria
  • French and Dutch proposals
  • Proposed new UK criteria
  • European harmonisation ...

4
Where it came from 2
5
The future
  • Common Criteria (CC)
  • Upgrade path defined in UK
  • Common Evaluation Method (CEM)
  • ISO standard 15408
  • Mutual Recognition
  • Global market

6
The future 2
  • Certificate Maintenance Scheme (CMS)
  • Based on Logica's Traffic Light Method for re-evaluation
  • The UK's version of RAMP
  • In CC as Maintenance of Assurance (AMA)

7
How it relates to CC and other criteria
[Timeline figure; only the labels survive extraction. Years shown: 1983, 1989, 1991, 1993, 1996, 1999. Criteria and countries shown: Orange Book and Federal Criteria (US); CTCPEC (Canada); Memo 3 DTI (UK); ZSIEC (Germany); B-W-R Book (France); ITSEC; Common Criteria / ISO 15408.]
8
How it relates to CC etc - 2
9
Comparisons
  • Orange Book
      • Specific functionality
  • FIPS 140
      • Specific crypto architecture
      • Derived Test Requirements
      • consistency, etc.
  • ITSEC
      • General functionality
      • General architecture
      • Not really for crypto, but not excluded
      • Requirements case-by-case
      • more subjective?

10
Comparisons 2
  • ITSEC
      • 163 pages
      • E1 to E6
      • Separate Correctness and Effectiveness
      • No pre-defined functionality
  • CC
      • 638 pages
      • EAL1 to EAL7
      • Effectiveness merged in with correctness
      • No pre-defined functionality mandated

11
Comparisons 3
  • Orange Book/FIPS
      • Defines the security problem
      • Guides architecture and functionality to a sensible solution
      • Defines how it is tested
  • ITSEC/CC
      • Lets you define the security problem
      • Allows any solution, since there may be any problem
      • Defines what evaluators must do to derive how to test it

12
Mutual Recognition - ITSEC
  • Originally bi-partite arrangements
      • UK-Germany
      • Germany-France
      • France-UK
  • Then SOG-IS MRA
      • 11 nations in EU
  • Extended with bi-partite arrangements
      • UK-Australia
  • Applies E1-E6
  • Not legally binding

13
Mutual Recognition - CC
  • Interim Recognition
      • October 1997
      • UK/US/Canada
      • EAL1-EAL3
  • Formal Recognition
      • October 1998
      • UK/US/Canada/France/Germany/Netherlands/Australia
      • EAL1-EAL4
  • Not legally binding

14
Combined Evaluation: Simple Crypto Device
15
Combined Evaluation: Example Software Product
16
Combined Evaluation Issues
17
So what about the ITSEC?
  • ITSEC experience is very valuable
  • ITSEC evaluations (and CMS) will be around for some time to come
  • Putting evaluations and assessments together to get assurance in real systems is hard