atsec Holds a Three-Day Common Criteria Training Course

2011-06-21

A brief course description

This course provides in-depth training on Common Criteria (CC) V3.1 R3 (published in July 2009), including Part 1 Introduction and general model, Part 2 Security functional components and Part 3 Security assurance components.

The instructor will pay special attention to explaining the root of the CC, the threat model, from which a series of key CC notions are derived, including security objectives, security requirements, security functionality and assurance requirements. The concept and goals of threat modeling will be integrated with a structured approach for identifying, evaluating, and mitigating risks to IT product/system security. Through the concept and methodology of threat modeling, the instructor aims to demonstrate that CC is not only an important and unique standard for product security evaluation, but also a valuable reference for developing IT products/systems with better security. It helps developers analyze the IT product/system from the adversary's point of view, identify vulnerabilities, and improve test coverage.

The instructor will also go through a sample Security Target (ST) and a sample Protection Profile (PP) to illustrate how CC concepts are applied in practice, and how to use an ST or PP to describe the security features of an IT product/system or a type of IT product/system.

In addition, building on the knowledge of CC and its PPs that the audience has gained, the instructor will go a step further and set CC and PP side by side with Chinese standards (e.g. GB/T 20271-2006 and GB/T 20272-2006) for a comparative study. The study will show the common ground as well as the differences between the two sets of standards.

The course is self-contained. It does not require any previous knowledge of Common Criteria. Nevertheless, experience in software development and familiarity with IT security principles and concepts will help participants gain a thorough understanding of Common Criteria and the role it plays in the spectrum of IT security. Anyone who is interested in IT security as a developer, an evaluator or even simply a consumer can benefit from this course.

Course Duration and Style
This course is planned for 3 full days.
This course will be taught in workshop style, with presentations and instructor-led discussions.

Training Materials and Diploma
atsec will issue diplomas (of completion of the course) to students who participate in the course.

CC V3.1R3 can be downloaded from the following link:
http://www.commoncriteriaportal.org/cc/

Course Outline

Time                 Content
1st day, Morning     CC Part 1: Introduction and general model
1st day, Afternoon   Threat Modeling
2nd day, Morning     CC Part 2: Security functional components
2nd day, Afternoon   CC Part 3: Security assurance components
3rd day, Morning     Understanding a sample ST and a sample PP
3rd day, Afternoon   Comparative study with Chinese standards GB/T 20271-2006 and GB/T 20272-2006

Lecturer and Language
The lecturers assigned to this training are principal consultants from atsec U.S. and atsec China.

The training is offered in Chinese.

Price
The price of the training is 3,000 RMB (Chinese Yuan) per participant.
This price covers the training, lunch, and the diploma fee.

Time and Address
Training Time: July 13 – July 15, 2011
Training Address: Training room of ISCCC (中国信息安全认证中心培训教室)
Contacts: 白海蔚 (Bai Haiwei), 李丽 (Li Li)
Email: haiwei@atsec.com lily@atsec.com
Telephone: +86 10 84834011
Fax: +86 10 82890017