Presentation is loading. Please wait.

Presentation is loading. Please wait.

Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy.

Published byNorma Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy."— Presentation transcript:

1 Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy

2 IT Security Certification Center Introduction to ITSCC  ITSCC(IT Security Certification Center) is…  Aiming at enhancing the IT security in government organizations by evaluating and certifying commercial IT security products that government organizations plan to procure  The certification body of Korea for security certification, responsible for proper operation of the Korean Evaluation and Certification Scheme(KECS)  Our Six Main Roles  Issue Common Criteria certificates for IT security products  Regulate the procurement of products within government  Plan and develop Protection Profiles for IT security products  Approve IT security evaluation facilities  Operate the training and education program for evaluators  Participate in CC related international cooperation

3 IT Security Certification Center Korean Procurement Policy  Government organizations must procure certified IT security products since 1 Jan. 2006  To promote the use of Common Criteria in Korea  To encourage Korean developers to produce sound security products that meet the international standards  Although this policy certainly contributed to the provision of improved confidence in commercial IT security products…  Encountered a problem  The number of products applying for CC certificates far- exceeded the evaluation capacity we can afford  This means products have to wait for a long time in the queue before actual evaluation work begins

4 IT Security Certification Center New Evaluation Facilities(1)  Most obvious and effective solution was to expand evaluation capacity of the country  There was only one evaluation facility, KISA(Korea Information Security Agency), which had been established by law  In Dec. 2006, introduced a new procedure to approve evaluation facilities by amending the Korean Standard Lab. Accreditation Program  As a result, we have two more evaluation facilities  Early this year, KTL(Korea Testing Laboratory) and KOSYAS(Korea System Assurance) applied for approval  After accredited against ISO 17025, KTL and KOSYAS were finally approved as an evaluation facility on 29 June and 9 August, respectively

5 IT Security Certification Center  Established the CC evaluator’s license program  To produce quality IT security evaluators in order to meet demands from new evaluation facilities  Also, the need for systematic training and education of evaluators arose to ensure the quality of their work  Three types of evaluator status * In addition, we also teach top-notch graduate students to educate them as CC evaluators with high standard from this semester New Evaluation Facilities(2) TypeIssuing ConditionEntitled Activity Trainee Evaluator Successful completion of 10-day education and having passed a written exam Can participate in CC evaluation under supervision of higher grade evaluators (Formal) Evaluator Participated in one or more EAL3 evaluation Can perform evaluation of products up to EAL3 Senior Evaluator Participated in two or more EAL4 evaluations AND worked over 3 years as an evaluator Can perform evaluation of products up to EAL4 and become an evaluation team leader

6 IT Security Certification Center Domestic Certification  Introduced a domestic certification scheme to shorten the evaluation time itself  Intended to deal with the products having waited or being expected to wait in the evaluation queue for quite a long time, say, more than a year  Identical to CC except that sampling-based evaluation is used for some components rather than full examination, being able to save evaluation time up to four weeks  The domestic scheme can only be regarded as a temporary solution because…  It still requires the same developer’s evidence as CC  And there is no significant reduction in evaluation time at the expense of internationally recognized CC certification * Note : This domestic scheme is outside the scope of the conference

7 IT Security Certification Center Provision of PPs  Timely provide PPs that are very needed by IT security product developers  We believe guiding developers to build products correctly and rightly can significantly reduce the evaluation time as it can reduce potential ORs raised by evaluators  In view of this, ITSCC develops 4 Protection Profiles a year for the products with a large demand from government organizations and a high potential for market growth AND a high potential for market growth * PPs can be downloaded from www.kecs.go.kr (in Korean) 20062007(not competed yet) Antivirus with a networked admin console WLAN authentication system Anti-spam system Enterprise Security Management(ESM) Web application firewall e-Cover for electronic passport Enterprise digital right management system USB authentication token

8 IT Security Certification Center CEMS (1)  Improve the management process of evaluation and certification by employing an automated document management system called CEMS  Handled documents manually because EF and CB are located very closely and therefore preferred in-person contact  However, manual handling of deliverables between CB and EF was partly responsible for inevitable delays in evaluation  Moreover, location of new EFs are widely separated across the city and therefore electronic communication becomes necessary  Therefore, started to build the CEMS system  Supports electronic management of documents  And also some essential functions of project management such as real time monitoring of progress * CEMS : Certification and Evaluation Management System

9 IT Security Certification Center CEMS (2)  CEMS is a web-based client-server system, running on Windows Server with IIS and MS-SQL  It consists of two subsystems, called CMS and EMS  CMS stands for Certification Management System while EMS stands for Evaluation Management System  CMS can only be accessible to certifiers inside the CB  EMS communicates with evaluation facilities’ own system through secure communication channels CEMSCEMS

10 IT Security Certification Center CEMS (3)  Main Features of CEMS developed so far:  Online document management and storage  Real-time monitoring of work progress  Management of document templates  CEMS user management and audit functions  Backup and other system maintenance  With the help of CEMS, we expect to achieve the improved efficiency in evaluation and certification and reduction in evaluation and certification time  For anyone interested in CEMS, demonstration is available at out booth outside

11 IT Security Certification Center Conclusion

Download ppt "Updates on Korean Scheme IT Security Certification Center, National Intelligence Service The 8 th ICCC in Rome, Italy."

Similar presentations

STRENGTHENING FINANCING FOR DEVELOPMENT: PROPOSALS FROM THE PRIVATE SECTOR Compiled by the UN-Sanctioned Business Interlocutors to the International Conference.

STRENGTHENING FINANCING FOR DEVELOPMENT: PROPOSALS FROM THE PRIVATE SECTOR Compiled by the UN-Sanctioned Business Interlocutors to the International Conference.
Nairobi, Kenya, 26 – 27July 2010 Maintaining Equipment Standards to ensure good QoS Mwende Njiraini Engineer I/NT/LCS Communications Commission of Kenya.

Nairobi, Kenya, 26 – 27July 2010 Maintaining Equipment Standards to ensure good QoS Mwende Njiraini Engineer I/NT/LCS Communications Commission of Kenya.
Best Practise in Using Finance Simulations in UK Higher Education By: Neil Marriott and Siew Min (Amy) Tan.

Best Practise in Using Finance Simulations in UK Higher Education By: Neil Marriott and Siew Min (Amy) Tan.
Internal environmental audit - Conf.dr.ing. Oana Brinzan – UAV Arad.

Internal environmental audit - Conf.dr.ing. Oana Brinzan – UAV Arad.
Trainer Recognition and Accreditation. New Arrangements for Trainer Recognition and Accreditation  In August 2012, the GMC released a document ‘Recognising.

Trainer Recognition and Accreditation. New Arrangements for Trainer Recognition and Accreditation  In August 2012, the GMC released a document ‘Recognising.
Ensuring Effective Monitoring, Certification and Verification of Emissions by Jed Jones Lloyd’s Register.

Ensuring Effective Monitoring, Certification and Verification of Emissions by Jed Jones Lloyd’s Register.
Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.

Accreditation 1. Purpose of the Module - To create knowledge and understanding on accreditation system - To build capacity of National Governments/ focal.
ISO 9001 : 2000.

ISO 9001 : 2000.
Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.

Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.
Introduction to Environmental Management Systems (EMS)

Introduction to Environmental Management Systems (EMS)
1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.

1 Certification Chapter 14, Storey. 2 Topics  What is certification?  Various forms of certification  The process of system certification (the planning.
Chapter 8 Assuring the quality of external participants’ contributions

Chapter 8 Assuring the quality of external participants’ contributions
Home Care Monitoring Guy Pettengell, Head of Operational Contracts.

Home Care Monitoring Guy Pettengell, Head of Operational Contracts.
Purpose of the Standards

Purpose of the Standards
Quality Assurance Review Team Oral Exit Report School Accreditation Bayard Public Schools November 8, 2011.

Quality Assurance Review Team Oral Exit Report School Accreditation Bayard Public Schools November 8, 2011.
Chapter 19 OPERATIONS AND VALUE CHAIN MANAGEMENT © 2003 Pearson Education Canada Inc.19.1.

Chapter 19 OPERATIONS AND VALUE CHAIN MANAGEMENT © 2003 Pearson Education Canada Inc.19.1.
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
Standards and Guidelines for Quality Assurance in the European

Standards and Guidelines for Quality Assurance in the European
4. Quality Management System (QMS)

4. Quality Management System (QMS)
Introduction to SQF Certification (Use “Notes “ View in PowerPoint to see additional guidance) Use this presentation to introduce SQF Certification.

Introduction to SQF Certification (Use “Notes “ View in PowerPoint to see additional guidance) Use this presentation to introduce SQF Certification.

Similar presentations

Ads by Google