© Crown Copyright (2000)
Module 1
Evaluation Overview
“You Are Here”
MODULE 3: SCHEME RULES & PROCEDURES
MODULE 2: ASSURANCE
MODULE 1: EVALUATION OVERVIEW
Introduction
• Why is IT Security needed?
• What is IT security evaluation?
• What is Assurance?
• What are the Scheme Rules?
What Protection?
Salaries Database
Aspects of IT Security
• Confidentiality - protection against unauthorised disclosure of information
• Integrity - protection against unauthorised modification of information or loss of accuracy
• Availability - protection against unauthorised withholding of information or resources
Assets and Threats
• Assets
  – valuable organisational resources
  – disclosure or compromise or loss would be inconvenient or harmful
• Threats
  – a potentially harmful action affecting confidentiality, integrity or availability of assets
Countermeasures
• A measure put in place to counter, or help counter, an identified threat to an asset
• Countermeasures can be:
  – IT, i.e. implemented by hardware, firmware or software; or
  – non-IT, e.g. physical or procedural measures
Types of Countermeasure
• Preventative
  – place restrictions on who can do what
• Detective
  – provide means to detect events which indicate a potential compromise of assets
• Corrective
  – take action in response to undesirable events
Countermeasure Examples
• Preventative
  – access control (physical or logical)
  – data encryption
• Detective
  – auditing of security relevant events
  – data integrity measures, e.g. checksums
• Corrective
  – user account lockout after login failures
  – suspension of inactive user sessions
Vulnerabilities and Risks
• Vulnerabilities
  – a security weakness that may allow realisation of a threat to compromise an asset
• Risk
  – likelihood of a threat exploiting a vulnerability to harm an asset and/or cause loss
Castle Example
Sources of Vulnerabilities
Vulnerabilities can arise from:
• Inappropriate selection of countermeasures
• Errors in their design or implementation
• Conflict between countermeasures
• Loopholes allowing circumvention of countermeasures
• Misuse of countermeasures
Impact of Vulnerabilities
Vulnerabilities can be:
• Exploitable
  – given sufficient time, resources and expertise an attacker could break through in practice
• Non-Exploitable
  – an attacker will be unable in practice to exploit it to compromise an asset
What is Evaluation?
• An independent assessment of a Target of Evaluation (TOE) involving
  – analysis
  – testing
• Scope of work is defined in a Security Target
• Aimed at establishing a required level of assurance
What is Assurance?
• A measure of confidence that a TOE meets its security objectives
  – risk to assets reduced to acceptable level
• Assurance is governed by
  – depth of evaluator analysis
  – degree of developer and evaluator testing
  – formality / rigour of developer evidence
• Leads to concept of Assurance Levels
Scope of Evaluation
• Product - an IT package that can be purchased and deployed in a number of different operational environments
• System - a specific IT installation with a particular purpose and a known operational environment
Security Target
• This defines:
  – the assets, threats
  – assumptions
  – environment ... etc.
• Everything you need to know about the TOE
  – including the IT countermeasures or security functions
Evaluation Criteria
• European, 1991
  – Information Technology Security Evaluation Criteria (ITSEC)
• World-wide (ISO standard), 1998
  – Common Criteria (CC)
Evaluation Methodology
• How we do evaluations
  – defined in ITSEM and CEM
• Defines techniques for the various activities:
  – Refinement Analysis
  – TOE life-cycle assessment
  – Vulnerability Analysis
  – Testing of TOE
The UK Scheme
• Scheme rules cover
  – quality and management
  – security / confidentiality
  – training
  – appointment and accreditation
Evaluation Parties
• Developer - produces the TOE
• Sponsor - pays for the evaluation
• Evaluator - performs the evaluation
• Certifier - oversees the evaluation and issues certificates where appropriate
• Accreditor - relevant to systems only
Evaluation Process
Developer / Sponsor
CLEF
Certification Body
Accreditor / Sponsor
TOE Definition
Evaluation Technical Report
Certification Report
Deliverables
Problem Reports
Evaluation Conduct
• Impartiality - what interest do you have in the outcome?
• Repeatability - could you get the same results?
• Reproducibility - would other CLEFs get the same results?
• Objectivity - minimise subjective judgement
Summary - 1
• Need IT Security to protect assets from threats using adequate countermeasures
• Evaluation allows a Target Of Evaluation to be independently assessed
• Assurance gives a level of confidence that a TOE meets its security objectives
Summary - 2
• Evaluation Criteria - ITSEC and CC
• Evaluation Methodology - ITSEM and CEM
• Scheme Rules and Interpretations
  – quality, management, security, training
  – application of criteria and methodology
• Evaluation Conduct
  – impartial, repeatable, reproducible and objective
Further Reading
• UKSP 01
• UKSP 04 Part 1
• ITSEC, Sections 0 and 1
• Common Criteria Part 1, Section 4