Luděk Novák, novak@isaca.cz

Presentation Transcript


  1. Effective Design of Trusted Information Systems Luděk Novák, novak@isaca.cz

  2. Content
  • Brief Introduction into Security Design
  • Five Steps of Security Design
    • General Description
    • Security Environment
    • Security Objectives
    • Security Requirements
    • Rationale
  • Conclusion
  CATE 2001 - Security and Protection of Information

  3. International Standards
  • ISO/IEC PDTR 15446:2000
    • Information technology – Security techniques – Guide for the production of protection profiles and security targets
  • ISO/IEC 15408:1999
    • Information technology – Security techniques – Evaluation criteria for IT security

  4. Basic Term
  • Target of Evaluation - TOE
    • IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation
    • A formal evaluation is not a necessity

  5. Structure of Design

  6. General Description
  • Background information on the TOE and its purpose, usage, operation etc.
  • Document Identification
  • General TOE Functionality
  • TOE Boundary
  • TOE Operational Environment

  7. Security Environment

  8. Security Environment
  • Asset
    • information or a resource which needs to be protected by TOE countermeasures
    • Data Objects
    • Software
    • Hardware

  9. Security Environment
  • Threat
    • undesirable event characterised by: threat agent, attack method, vulnerability, assets under the attack
  • Threat Agent
    • source of the event, which can be: human, non-human

  10. Security Environment
  • Assumption
    • potential threat to assets not relevant to or not involved in TOE security
  • Organisational Security Policy
    • rules, procedures, practices, etc. imposed by the organisation or other authorities

  11. Security Objectives
  • Security Objectives for TOE
    • express what is the responsibility of the TOE and its security functions
  • Security Objectives for Environment
    • address aspects of the security needs that the TOE will not cover

  12. Security Objectives

  13. Security Objectives
  • Preventative Objectives
    • measures that prevent a threat from being carried out
  • Detective Objectives
    • means that detect/monitor events
  • Corrective Objectives
    • actions taken in response

  14. Security Requirements

  15. Functional Requirements
  Security Functional Requirements identify demands for the security functions which the TOE must provide to fulfil the security objectives for the TOE. They can be based on:
  • ITSEC’s Generic Headings
  • ISO 15408 – Common Criteria

  16. Functional Requirements
  ITSEC Generic Headings:
  • Identification and Authentication
  • Access Control
  • Audit
  • Integrity
  • Availability
  • Privacy
  • Data Exchange
  ISO 15408 (Common Criteria) Functional Classes:
  • Security Audit
  • Communication
  • Cryptographic Support
  • User Data Protection
  • Identification and Authentication
  • Security Management
  • Privacy
  • Protection of TOE Security Functions
  • Resource Utilisation
  • TOE Access
  • Trusted Path/Channels

  17. Assurance Requirements
  Security Assurance Requirements prescribe clear, objective criteria which express the quality of the TOE development.
  Evaluation Assurance Level – EAL
  • EAL1 up to EAL4 – Commercial Security
  • EAL5 up to EAL7 – Special Security Tools

  18. Requirements on Environment
  Security Requirements on Environment state the claims which are not under the direct control of any IT security function within the TOE.
  • Personnel Security
  • Physical Security
  • Procedural Security

  19. Rationale
  • Security Objectives Rationale
    • demonstrates that the identified security objectives are suitable to cover all aspects of the security needs
  • Security Requirements Rationale
    • makes evident that the identified security requirements are suitable to meet the security objectives

  20. Rationale
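The two rationale checks from slides 19 and 20 are mechanical once the security environment (slides 8 to 10), the objectives (slides 11 to 13) and the requirements (slides 15 to 18) are written down as data. The following Python example is added here to illustrate that; it is not code from the presentation or from ISACA. It encodes a threat the way slide 9 characterises it (agent, attack method, vulnerability, assets), tags each objective as preventative, detective or corrective as on slide 13, and then reports every threat, policy or assumption that no objective covers and every objective that no requirement meets. All identifiers in it (T.Spoof, O.AuditTrail, ENV.PhysicalSecurity and the rest) are constructed sample entries with two deliberate gaps so the checks have something to find; the requirement ids FIA_UAU and FAU_GEN are borrowed from the Common Criteria families for user authentication and audit data generation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    """Slide 9: agent, attack method, vulnerability and assets under attack."""
    name: str
    agent: str             # "human" or "non-human"
    method: str
    vulnerability: str
    assets: frozenset      # names of assets from the security environment


@dataclass(frozen=True)
class Objective:
    """Slides 11/13: a TOE or environment objective, preventative/detective/corrective."""
    name: str
    kind: str              # "preventative", "detective" or "corrective"
    counters: frozenset    # threats, policies or assumptions it addresses
    for_toe: bool = True   # False -> security objective for the environment


@dataclass
class SecurityTarget:
    assets: set
    threats: dict          # name -> Threat
    policies: set          # organisational security policies (slide 10)
    assumptions: set       # assumptions about the environment (slide 10)
    objectives: dict       # name -> Objective
    requirements: dict     # requirement id -> set of objective names it meets

    def environment_items(self):
        return set(self.threats) | self.policies | self.assumptions


def objectives_rationale(st):
    """Slide 19: every threat, policy and assumption must be covered by an objective.
    Returns the uncovered items; an empty list means the rationale holds."""
    covered = set()
    for obj in st.objectives.values():
        covered |= obj.counters
    return sorted(st.environment_items() - covered)


def requirements_rationale(st):
    """Slide 19: every objective must be met by at least one requirement."""
    met = set()
    for objs in st.requirements.values():
        met |= objs
    return sorted(set(st.objectives) - met)


def dangling_references(st):
    """Consistency check: objectives, requirements and threats may only name
    items that actually exist in the security target."""
    env, bad = st.environment_items(), []
    for obj in st.objectives.values():
        bad += [f"{obj.name} -> {x}" for x in obj.counters if x not in env]
    for req, objs in st.requirements.items():
        bad += [f"{req} -> {o}" for o in objs if o not in st.objectives]
    for t in st.threats.values():
        bad += [f"{t.name} -> {a}" for a in t.assets if a not in st.assets]
    return sorted(bad)


def coverage_by_kind(st):
    """Per threat, which kinds of objective (slide 13) address it."""
    return {name: sorted({o.kind for o in st.objectives.values() if name in o.counters})
            for name in st.threats}


def sample_target():
    """Constructed sample with two deliberate gaps; not a real security target."""
    threats = {
        "T.Spoof": Threat("T.Spoof", "human", "credential guessing",
                          "weak passwords", frozenset({"A.CustomerData"})),
        "T.Tamper": Threat("T.Tamper", "human", "record modification",
                           "unrestricted write access", frozenset({"A.CustomerData"})),
        "T.Outage": Threat("T.Outage", "non-human", "power failure",
                           "single power feed", frozenset({"A.Service"})),
        "T.Disclose": Threat("T.Disclose", "human", "network eavesdropping",
                             "cleartext transfer", frozenset({"A.CustomerData"})),
    }
    objectives = {
        "O.Authenticate": Objective("O.Authenticate", "preventative", frozenset({"T.Spoof"})),
        "O.AuditTrail": Objective("O.AuditTrail", "detective", frozenset({"T.Tamper", "P.Audit"})),
        "O.Recover": Objective("O.Recover", "corrective", frozenset({"T.Outage"})),
        "OE.Physical": Objective("OE.Physical", "preventative", frozenset({"AS.Physical"}), False),
    }
    requirements = {
        "FIA_UAU": {"O.Authenticate"},            # CC family FIA_UAU: user authentication
        "FAU_GEN": {"O.AuditTrail"},              # CC family FAU_GEN: audit data generation
        "ENV.PhysicalSecurity": {"OE.Physical"},  # requirement on the environment (slide 18)
        # gaps: nothing meets O.Recover, and no objective counters T.Disclose
    }
    return SecurityTarget({"A.CustomerData", "A.Service"}, threats, {"P.Audit"},
                          {"AS.Physical"}, objectives, requirements)


if __name__ == "__main__":
    st = sample_target()
    print("threats/policies/assumptions without an objective:", objectives_rationale(st))
    print("objectives without a requirement:", requirements_rationale(st))
    print("dangling references:", dangling_references(st))
    print("objective kinds per threat:", coverage_by_kind(st))
```

Run on the sample, `objectives_rationale` reports `T.Disclose` and `requirements_rationale` reports `O.Recover`, which is exactly the kind of gap the rationale step exists to expose before an evaluator does. `coverage_by_kind` adds the slide 13 view: a threat countered only by a detective objective has no preventative or corrective measure behind it, which is worth a second look even when the coverage check itself passes.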

  21. Conclusions
  • Advantages
    • Clear, Transparent and Effective Way
    • Simple Sharing of Know-How
    • Based on the Well-Known Common Criteria Project
  • Disadvantages
    • Not Officially Approved
    • No Direct Connection to Special Security Tools
