Enrolment period:
5/19/2022 12:00 AM–6/2/2022 11:59 PM
Responsible organisation:
Faculty of Information Technology
Additional information:
Lecturer: Jussipekka Leiwo, Ph.D.
Participation in each class is required for a Pass grade; otherwise a Fail grade shall be assigned.
******
Introduction and Motivation
Of the numerous standards and models for information security assurance, some target information security policies, some target information security procedures and some target IT Security products. Further, the various standards and models focus on different life-cycle stages of the assurance target.
While many of the standards and models for the assurance of information security policies and procedures (e.g. the ISO27001 series) are well understood, those for the assurance of IT Security products are not as widely known. This is troubling, as IT Security products (i.e. devices performing fundamental security functions) are at the core of the information society, and it is widely recognized that the trustworthiness of the IT Security products deployed in the critical information infrastructure is not sufficient.
This course establishes a conceptual framework for the security assurance of IT Security products and proceeds to elaborate on the use of Common Criteria (CC) as a standard for rigorous engineering of high assurance IT Security products. CC is a suite of international standards and interpretations, overseen by the international management board. Evaluation and certification results, when carried out in accordance with the agreed-upon oversight, are internationally recognized among the nations that are signatories to the International Common Criteria Recognition Arrangement (CCRA).
In the EU, a number of security standards for the critical IT Security products (smart card integrated circuits and operating systems, crypto boxes, IoT devices, components of the Public Key Infrastructure (PKI), etc.) are expressed using the CC. In North America, any IT Security product to be deployed in government systems must be CC-certified. Finland is a signatory to the CCRA, with TRAFICOM representing Finland.