This presentation introduces the basics of Common Criteria and was held within the framework of the subject "Development of information systems" for the students of Budapest University of Technology and Economics.
Possibilities of IT security evaluations based on Common Criteria in Hungary ... - Csaba Krasznay
The presentation gives some information about Common Criteria and talks about the possibilities of Hungarian IT developers if they want to get the certification for their products.
Developing an Information System for E-Portfolio Based Knowledge Generation a... - ePortfolios Australia
Developing an Information System for E-Portfolio Based Knowledge Generation and Sharing in Teacher Education
Mariamma Mathew, Thomas Uzhuvath, Tony Cherian and Aswathy G.
Peet Memorial Training College, Mavelikara, Kerala State, India
Abstract
This project, which aims to develop a professional portfolio for teacher educators and student teachers, is in its budding stage. The focus is to develop a Learning Management System with many of the social networking features. Student teachers can upload products including My Teaching Philosophy, Reflective Journal, Lesson Plans, Teaching Video and Photos in addition to detailed personal and academic profiles. Every product is uploaded with a reflective note and there is a provision for comments and feedback. A major feature is to make performance assessment strategies an integral part of the portfolio system. The self, peer, and mentor assessments are carried out using rubrics. Login to the system is also allowed for educational institutions, employers and guests and the public. It is expected that the system works as an effective tool for engaging student teachers and teacher educators to create and share a pool of pedagogical knowledge.
Introduction to NIST’s Risk Management Framework (RMF) - Donald E. Hester
This introductory session will cover the basic steps of the Risk Management Framework (RMF) and the transition away from the previous Certification and Accreditation approach to information systems security and assurance. This will also cover the benefits of the RMF for organizations, local, state, and federal governments.
Information System Concepts & Types of Information Systems - VR Talsaniya
Best slides on the information system concepts and to understand the types of information systems.
Best for the CA Final Students for Information System Control & Audit (ISCA) subject.
Presentation of a talk given at the international scientific and professional conference "Digitális környezetünk fenyegetettsége a mindennapokban" (The Threats to Our Digital Environment in Everyday Life)
Date: 8-9 November 2017
Venue: Duna Palota, Budapest
Thanks to my friend, Szigeti Szabolcs, I'm invited every year to talk about my experiences at Műegyetem. In 2008 I wrote up many subjects, e.g. I presented the ISO 27001 and 27002 (or better known as ISO 17799) standards. I wrote some words about all chapters of these standards that deal with organizational security. Considering that I was speaking to students of computer science, the slides show how applications can support gaining ISO 27001 certification.
An overview of the most important information related to IT security public procurements.
For more information, please visit our website and contact our experts: http://www.snt.hu/megoldasok/informaciobiztonsag/
Testing the system: ethical hacking and penetration testing (in Hungarian) - Csaba Krasznay
I have wanted to make a presentation about ethical hacking for a long while. This material tries to show what we understand by ethical hacking, and what concepts we should learn and bring to book as a procurer. Maybe it will turn out that ethical hacking is based on methodical work.
Who benefits from business and administrative software tailored to the company, and why?
You can find all of this in our description and on our website. You can also request information by e-mail and by phone.
Our website: http://www.egyediszoftverek.hu
The possibilities and limitations of the spreading of digital signature (in H... - Csaba Krasznay
In this paper we deal with the subject of digital signatures and their national spreading. We have composed a questionnaire which was published on the internet to sketch out the current situation. With the given answers we can draw lessons about the attitude of the participants.
Similar to Development of information systems - Common Criteria (in Hungarian)
Security analysis and development opportunities of Hungarian e-government (in... - Csaba Krasznay
In 2009 and 2010 a huge development is expected in the Hungarian e-government system. Although information security aspects have an emphasized role, solid principles and practices haven’t been identified for the developments. This study reviews the design directions of the Hungarian e-government and presents some predictable IT security risks. This is done by the formalism of the Common Criteria standard, considering the governmental expectations. In the following chapter the author studies the current recommendations which are usable during the design and implementation and then outlines the ideal direction with the analysis of the Japanese example. Lastly, it presents the overall security situation of the Hungarian e-government system and proposes some scientific topics for the improvement.
Security analysis of the Hungarian e-government system (in Hungarian) - Csaba Krasznay
The electronic public administration got a big push with the Act CXL of 2004 on the general regulation of the administrative authority process and services (Ket.). The “Client gate” and the increasing set of other e-government services were set up and are still emerging. But these new services on the internet mean new security challenges to the operators. They are supported by executive orders which draw up requirements in connection with the security level of e-government services.
Authentic long-term archiving with electronic signature (in Hungarian) - Csaba Krasznay
With the modification of the law about Electronic Signature it is possible to provide authentic archiving service. In connection with this modification many interesting questions could emerge, primarily from the technology side. After the introduction of the juridical background I present an electronic signature policy with archiving instructions and its advantages and disadvantages. I mention the general problems of electronic archiving. For the realization of the regulation it is necessary to utilize an electronic signature format that can be verified after a long-term archiving period. This format is derived from the ETSI TS 101 903 standard, whose usage is also the subject of my lecture. Lastly I try to outline the future of authentic long-term archiving.
Security of the Hungarian electronic government systems (in Hungarian) - Csaba Krasznay
The presentation gives a short overview about the security questions of the Hungarian e-government system. The main goal is the problem-posing, namely who has the responsibility to protect the cyberspace in case of an attack.
Countermeasures on the internet (in Hungarian) - Csaba Krasznay
The goal of this presentation is to provide the meaning and types of countermeasures on the internet. By drawing the parallel with electronic countermeasures it briefly shows the jamming, destruction and decoy techniques.
Possibilities and results of the usage of electronic signatures in the busine... - Csaba Krasznay
This presentation discusses understandably the usage of electronic signatures in the economy, and presents the practical usage with the possibilities and pitfalls.
Evaluation laboratories in the Hungarian Information Security Evaluation and ... - Csaba Krasznay
Hungary has joined the Common Criteria Recognition Agreement. Development of the Hungarian Information Security Evaluation and Certification Scheme (MIBÉTS) has begun with this act. Basic element of this scheme – which is a simplified form of Common Criteria – is the presence of evaluation laboratories. The presentation deals with the requirements of MIBÉTS laboratories and the expectations and exercises related to the evaluators.
Beside the general standards in connection with the laboratories we review the specifications of the British national scheme and the current Hungarian legislation. After this we talk about the MIBÉTS specific regulations, i.e. the departmental order about laboratories. The second part of the presentation shows international examples about the shaping and operation of evaluation laboratories.
Security of handheld computers (in Hungarian) - Csaba Krasznay
The security of handheld computers is getting more and more critical. We have to remember that every system and network is worth the same as its weakest link. These days there are only a few people who consciously care for the security of their network or system. But all responsible system administrators have the duty to prepare to all intents and purposes. The mission of the experts and university lecturers is to pass on their knowledge. This presentation was prepared with this purpose too.
Phishing and spam in Hungary and worldwide (in Hungarian) - Csaba Krasznay
In my presentation - following the topic that was begun on Networkshop conference - I analyze the sources of unwanted e-mails, show some examples about their destructiveness, and discuss the specialities of Hungarian phishing.
In my presentation, which was held at the Hacktivity 2005 Conference, I examined the known vulnerabilities of Bluetooth implementations and other common Bluetooth security issues.
Information security from the other side: Hackers in Hungary (in Hungarian) - Csaba Krasznay
I try to introduce the participants of the Hungarian hacker subculture. There is only one study about hackers in Hungary that is why I felt very important to share my experiences that came from my work, from the universities and from Hacktivity conference. You can argue with it, so please share your opinion with me!
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)... - Csaba Krasznay
The huge project of the MEKIK (Hungarian Electronic Public Administration Interoperability Framework) has already been started; the next steps were the specification of the middleware and MEKIK portal and the pilot implementation of the technical standards catalogue that would be accessible via this portal. These requirements affected the work in connection with the secure communication and the usage of electronic signature in the public administration. The project – correspondingly to the standards of the catalogue – also covered the general conception of the security framework, requirements of certification service providers, signature creation applications and devices, cryptographic protocols, legal aspects and secure mobile communication. This article introduces the actualities in connection with the interoperability of electronic public administration.
Developing interoperable e-government solutions in Hungary - Csaba Krasznay
In 2005 we presented the Hungarian Electronic Public Administration Interoperability Framework on the eGOV INTEROP'05 Conference. In this paper we show the activities leading toward the realization of this project. We describe the legal background, the cooperation between governmental, private and educational parties and a case study of an interoperability test between electronic signature applications. In the last part we explain the future possibilities in the field of e-governmental interoperability.
This short presentation, which was delivered at the D-Lan LAN Party in Dunaújváros, discusses the basic security issues of wireless networks, and gives an overview of the hacking of vulnerable networks.
4. Why is Common Criteria needed? A security requirements system & a review methodology. Main factors: international IT market trends; common international security requirements; review of the countless already existing methodologies; intensification of IT security challenges.
7. The history (timeline labels): European National & Regional Initiatives ’89-’93; Canadian Initiatives ’89-’93; Common Criteria Project ’93--; ISO IS 15408 ’99; CTCPEC 3 ’93; NIST’s MSFR ’90; ISO Initiatives ’92--; ISO/IEC 15408:2005 ’05; US TCSEC ’83, ’85; Federal Criteria ’92; Common Criteria 1.0 ’96; Common Criteria 2.1 ’99; ITSEC 1.2 ’91; Common Criteria 2.3 ’05; Common Criteria 3.1 ’06.
13. Relationship to other security standards (diagram labels): complex IT systems; simple products; technical approach; organizational approach; FIPS 140; ITSEC/CC; ISO/IEC 27001; IT Baseline Protection Manual; ISO/IEC 13335; CobiT.
22. What precedes development? Security objective: a statement of intent to counter identified threats and/or to comply with specified organizational security policies and assumptions. Establishing the security objectives (diagram labels): assets to be protected; establishing the security environment; security objectives; TOE; physical environment; assumptions; threats; organizational security policies; purpose of the TOE.
23. What precedes development? TOE summary specification: the TOE summary specification given in the ST defines the instantiation of the TOE's security requirements. It gives a high-level description of the security functions that are claimed to meet the functional requirements, and of the assurance measures that must be taken to meet the assurance requirements. Specification of the TOE through the security requirements (diagram labels): CC requirements catalogue; establishing the security requirements; TOE summary specification; security objectives; functional requirements; assurance requirements; requirements for the environment.
28. The development approach (diagram labels): source code / hardware design; functional specification; high-level design; security requirements; implementation; refinement of design and implementation; correspondence checking and integration testing.
29. From development to certification (diagram labels): interim evaluation result; security requirements (PP); TOE implementation; TOE development; TOE evaluation; certification of evaluation results; certified evaluation result; evaluation criteria (CC); security objectives; security specification (ST); (product).
33. CC descriptions (diagram labels): classes (Class a, Class b) contain families (Family 1, Family i, Family j, Family k), and each family contains components; packages: a reusable set of functional or assurance requirements; optional (non-CC) requirements; protection profile; security target.