Common Criteria for IT Security Evaluation (CC, ISO/IEC 15408) Foundation Training Course
(Course ID: CC-GM-1)
Common Criteria for IT Security Evaluation
The Common Criteria for IT Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for information and communication technology (ICT) security certification.
This foundation training course introduces the CC requirements and their implications from the sponsor, developer, certifier, evaluator, and manufacturer perspectives.
The following prior knowledge is expected of participants in this training course.
a) Product development and manufacturing process
- The product lifecycle management (PLM) process, including demand management, design, development, test, production, and secure delivery processes.
b) Information security technologies and management
- Information security technologies
- Information security management concepts:
- awareness of the need for information security;
- the assignment of responsibility for information security;
- incorporating management commitment and the interests of stakeholders;
- enhancing societal values;
- using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- incorporating security as an essential element of information networks and systems;
- the active prevention and detection of information security incidents;
- ensuring a comprehensive approach to information security management;
- continual reassessment of information security and the making of modifications as appropriate.
Who should attend?
- Sponsor, i.e. government, regulator and association, supplier, system integrator, purchasing manager
- Developer, i.e. security function developer, security component/module developer
- Manufacturer, i.e. production line/environment manager
This course combines presentations, group discussion, experience exchange and participatory learning methods to help learners understand:
- The organization's roles and responsibilities during the CC evaluation and certification programme.
- The meaning and implications of CC to the different roles.
- How to use and/or adapt CC according to different roles.
- How to define the TOE (Target of Evaluation) and its possible scope.
- The considerations of CC evaluation and certification:
- for the organization
- Clarify the organization's role in CC evaluation and certification.
- Understand how to fulfill CC sponsors' needs and expectations.
- Understand how to select a trustworthy CC evaluation laboratory and continually improve the security technology used in the product.
- for the individual
- Understand how to use CC and supporting documents
- Understand how to define the TOE (Target of Evaluation) scope and CC evaluation and certification project initiative.
Day 1, Roles, TOE (Target of Evaluation) requirements and scope
- The key concepts and terms of CC
- CC, ISO/IEC 15408 requirements
- TOE (Target of Evaluation)
- ST (Security Target)
- PP (Protection Profile)
- EAL (Evaluation Assurance Level)
- The organization's roles and their responsibilities in CC evaluation and certification
- The needs and expectations from the Sponsor
- How the Developer uses CC
- Case study: IoT protection profile
- How to find a suitable CC certification body (the Certifier)
- How to find a trustworthy and licensed CC laboratory (the Evaluator)
- How the Manufacturer supports CC evaluation and certification
- Case study: Site Certification
- Course summary
- Course exam
- Course material
- Course examination
- Course certificate
- This training might involve discussion of the product's security feature design and development, tools, IP licences, the security development environment, security testing, developer, production and manufacturing site certification, and marketing strategy. For information security and trade secret protection, we will only accept in-house training.
- Course arrangement: on-line
(PGP Fingerprint: BE11 C1CC BFE2 A3A9 4929 3D1C 10FF C3BE A51C 92F7)