Courses

Courses

325 - Security Testing and Evaluation: Practical Approaches for System Certification (2 days)

Course Description
Outline
Audience
Course Level
 Prerequisite(s)
Special Notes(s)
Additional Readings/URLs
Date(s)
Fee

Course Description

Where feasible, project managers and systems architects may prefer the use of products evaluated under the international Common Criteria (CC) to satisfy system security requirements. Otherwise, certifiers and accreditors will need different evidence that an IT system, as implemented, meets security requirements defined in the system security policy. This course explores practical alternatives for security testing and evaluation to achieve the necessary levels of assurance.

Top of Page | Haut de la page
Outline
  • Examine the rationale for security testing and evaluation
  • Develop an IT security test plan
  • Select appropriate IT security test procedures, including:
    • functional testing
    • system integration testing
    • stress testing
    • vulnerability analysis
    • other techniques
  • Consider Onsite Technical Vulnerability Assessment (OTVA) and Active Network Security Testing (ANST) team services
  • Assess test results
Top of Page | Haut de la page
Audience
Project managers, system architects, system (security) administrators and IT security professionals.
Top of Page | Haut de la page
Course Level
Intermediate

Recommended preparation: Course S51 - Threat and Risk Assessment (TRA): Practical Risk Management in a Hostile Environment, or equivalent.

Top of Page | Haut de la page
Prerequisite(s)
None
Top of Page | Haut de la page
Special Note(s)
None
Top of Page | Haut de la page
Additional Readings/Instructor-suggested URLs
None
Top of Page | Haut de la page
Date(s) (E) = English (F) = French  
March 28-29, 2006 (E)
Top of Page | Haut de la page
Fee
$650 - GoC      $750 - Non-GoC
Top of Page | Haut de la page