Courses

755 - Selecting the Right Security Technologies: Mapping Threat and Risk Assessments (TRA) to the Common Criteria (1 day)

Course Description Outline Audience Course Level

Prerequisite(s) Special Notes(s) Additional Readings/URLs Date(s) Fee

Course Description

In general, to achieve the most cost-effective safeguards, increasingly rigorous and more expensive or restrictive countermeasures should be reserved for assets at greater risk. With this principle in mind, this course offers a flexible approach to the definition of system security requirements and the selection of technical safeguards based upon the output of a formal threat and risk assessment and the Common Criteria (CC), an international standard for evaluating IT security products.

Outline

Review the TRA process and outputs Examine the Common Criteria Scheme for evaluating IT security technologies Develop a Protection Profile, a statement of system security requirements in terms of evaluated products, to address the assessed risks identified in a TRA Analyze Security Targets, against which IT security products are evaluated, to determine which meet system security requirements defined in a Protection Profile Select the best match of evaluated products to satisfy as many system security requirements as possible

Audience

Project managers, system architects, system (security) administrators and IT security professionals.

Course Level

Intermediate Recommended preparation: Course S51 - Threat and Risk Assessment (TRA): Practical Risk Management in a Hostile Environment or equivalent.

Prerequisite(s)

None

Special Note(s)

None

Additional Readings/Instructor-suggested URLs

An Introduction to the Common Criteria (www.commoncriteriaportal.org/public/consumer/index.php?menu=1)

Date(s)	(E) = English (F) = French
February 20, 2006 (E)

Fee

$450 - GoC      $550 - Non-GoC