Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Consorzio RES and IT Security Certifications” 1/22.

Published byClaud Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "“Consorzio RES and IT Security Certifications” 1/22."— Presentation transcript:

1 “Consorzio RES and IT Security Certifications” 1/22

2 the Consorzio RES operates as Consorzio RES originates in 1997 in response to the ICT market growing needs in the framework of security processing and maintenance of electronic data Security Evaluation Laboratory (LVS) qualified by the OCSI (ISTICOM) Evaluation Centre (CE.VA.) qualified by ANS (the Italian National Security Authority) Global Consultant in the physical, organizational and ICT security 2/22

3 Scheme managed by OCSI, the certification body for security Evaluation an Certification of commercial systems and products (DPCM of the 30/10/2003) Scheme managed by ANS, the certification body for security Evaluation and Certification of systems and products dealing with classified information concerning the National Security (DPCM of the 11/04/2002) Consorzio RES is a laboratory qualified to perform Security Evaluation Processes according to the following National Schemes What is an Evaluation Process ? 3/22

4 An Evaluation Process is part of a Certification Process and has the purpose to produce a Final Evaluation Report. On the base of this report the Certification Body produces the Certification Report and, eventually, the Certificate So, the target seems to be achieving the Security Certificate …and this target MUST be achieved… in a while with money savings at high assurance level 4/22

5 … these are Customers usual requests! ? ! 5/22

6 6/22 Our approach punctually answers to the main problems of the ones who are disposed to engage a certification process Consequently Consorzio RES has consolidate an operative metodology with certain benefits for the Customers Experience taught us to respect the Customers needs

7 Why certify What certify How much spend … and the presumptions of our Customers are… 7/22

8 Why certify It is necessary to sell our product… Our direct competitor has just achieved the security certificate for his product… We have some left-over money in our project… 49% 2% 8/22

9 All We don’t know… 50% What certify 9/22

10 Few money We have this available amount…do what you can! 50% How much spend 10/22

11 Consorzio RES intervention, since the Certification is only an hypothesis, allows the Customers to resolve to their advantage the previous problems Analysis of these needs has driven the Consorzio RES in the development of a working metodology that attends the Customers since before the Evaluation Process start-up Followed approach answers to the Customers needs though respecting all procedures of the reference scheme as well as used security standard for the system/product evaluation 11/22

12 Why certify Since before the starting of Evaluation Process, Consorzio RES cooperates with the Customers in a clear definition of : So that data requiring protection can be managed in a security context appropriate to real environment “ ” Real security needs Most suitable operating environment Strictly necessary countermeasures 12/22

13 What certify Only the components (HW/SW) that, implementing Security, are effectively contrasting the supposed threats “ ” One of the major activities of Consorzio RES is to support Customers to clearly mark off the boundaries of : Target of Evaluation Everything else Operating environment items 13/22

14 How much spend The bare minimum after having correctly answered to the questions: Why certify? What certify? ” “ 14/22

15 It is frequent that Security Problem ambiguities are transposed in a cautionary extention of the boundaries of Target of Evaluation and its Operating Environment, as well as in the definition of Security Procedures onerous for the workaday users operations Confusion about true Security Objectives Certification time increasing Certification cost increasing Rules/Standards Modifications HW/SW Obsolescence 15/22

16 Evaluation Assistance Phase Evaluation Preparation Phase Evaluation Phase Certificate Emission certification Evaluation Starting Evaluation Ending Consorzio RES Intervention Areas 16/22

17 Critical Success Factors (1/2) Evaluation Assistance Phase Evaluation Phase Evaluation Preparation Phase certification 17/22

18 Evaluation Preparation Phase Identification of Security Aspects strictly related to the Security Problem Evaluation Assistance Phase Very well written evaluation documents compliant with referential Security Standard Critical Success Factors (2/2) 18/22 Paying attention to these Critical Success Factors remarkably reduces the risk to cumulate considerable delays during a certification process, in behalf of costs and operatives engagements for system/product under certification

19 Evaluation Assistance Phase Evaluation Preparation Phase Evaluation Phase Turn key solutions Consorzio RES is able to offer all these services during a same certification process, having the availability of highly qualified personnel in a sufficient number to guarantee the independency expected by national scheme 19/22

20 Every human resource of Consorzio-RES is also qualified, by both certification bodies, for the respective schemes, to hold the Evaluator role during the evaluation process Common Criteria v.3.1 (ISO/IEC 15408) Every human resource of Consorzio RES is skilled according to the most recent security standard, recognized by an international board: 20/22

21 the Customers trust has allowed us to achieve primacy goals First Italian LVS to have completed an evaluation process according to the National Scheme managed by OCSI First Italian laboratory to have completed several Common Criteria evaluation processes according to the National Scheme managed by Italian National Security Agency First Italian LVS to obtain required qualification to carry out products/systems or protection profiles evaluation process according to the National Scheme managed by OCSI...all unavoidable results of the care and the skills by which “Consorzio RES” answers to the Customers needs 21/22

22 Other information on: www.consorzio-res.it Contact: contatto@consorzio-res.it 22/22

Download ppt "“Consorzio RES and IT Security Certifications” 1/22."

Similar presentations

New Eligibility and Individualized Educational Program (IEP) Forms 2007 Illinois State Board of Education June 2007.

New Eligibility and Individualized Educational Program (IEP) Forms 2007 Illinois State Board of Education June 2007.
Technical skills and competences

Technical skills and competences
ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.

ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.
Roadmap for Sourcing Decision Review Board (DRB)

Roadmap for Sourcing Decision Review Board (DRB)
Performance management guidance

Performance management guidance
Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.

Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
IAEA International Atomic Energy Agency Responsibility for Radiation Safety Day 8 – Lecture 4.

IAEA International Atomic Energy Agency Responsibility for Radiation Safety Day 8 – Lecture 4.
Part 1 Background Part 2 The RISAS Board Accreditation Agency RISABs Suppliers IT Application Scheme Administrator Documentation RISAS001/01 RISAS002/01.

Part 1 Background Part 2 The RISAS Board Accreditation Agency RISABs Suppliers IT Application Scheme Administrator Documentation RISAS001/01 RISAS002/01.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
CBR Faculty Fellows Program Presented by: Brenda Marsteller Kowalewski September 16, 2009.

CBR Faculty Fellows Program Presented by: Brenda Marsteller Kowalewski September 16, 2009.
CSCU 411 Software Engineering Chapter 2 Introduction to Software Engineering Management.

CSCU 411 Software Engineering Chapter 2 Introduction to Software Engineering Management.
EFFECTIVE DELEGATION AND SUPERVISION

EFFECTIVE DELEGATION AND SUPERVISION
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Security Controls – What Works

Security Controls – What Works
UGDIE PROJECT MEETING Bled 19-20 September 2002 1 WP6 – Assessment and Evaluation Evaluation Planning  Draft Evaluation plan.

UGDIE PROJECT MEETING Bled September WP6 – Assessment and Evaluation Evaluation Planning  Draft Evaluation plan.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
1 Conformity Assessment Schemes Presented by Andrew Kwan ITU Consultant Conformity and Interoperability Training for ARB Region on Type Approval Testing.

1 Conformity Assessment Schemes Presented by Andrew Kwan ITU Consultant Conformity and Interoperability Training for ARB Region on Type Approval Testing.
ISO 9001 Interpretation : Exclusions

ISO 9001 Interpretation : Exclusions
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

Similar presentations

Ads by Google