Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
•Download as PPTX, PDF•
1 like•1,584 views
This document discusses the Common Criteria standard for information technology security evaluation (SNI ISO/IEC 15408). It provides an overview of the speaker's background and experience in information security standards. It then explains the Common Criteria standard, including the different parts that make up the ISO 15408 series (functional requirements, assurance requirements, etc.). It also discusses other related standards that could be included in Indonesia's national standards, such as frameworks for assurance and evaluation methodology.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (16)
Similar to Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Similar to Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti (20)
More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)
Recently uploaded
Recently uploaded (20)
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
- 1. 1 Sosialisasi SNI ISO/IEC 15408 Kriteria Evaluasi Keamanan Teknologi Informasi Common Criteria Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM Ketua WG Tata Kelola dan Layanan TI PT35-01 Teknologi Informasi Makassar 7 Mei 2014
- 2. Current: • Director of Certification – CRISC & CGEIT, ISACA Indonesia Chapter • ISACA Academic Advocate at ITB • SME for Information Security Standard for ISO at ISACA HQ • Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung • Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo. Past: • Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008) • Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011 Professional Certification: • Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000 • IRCA Information Security Management System Lead Auditor Course, 2004 • ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005 • Brainbench Computer Forensic, 2006 • (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007 • ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007 Award: • (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA 2 Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
- 3. Bloom’s Taxonomy of Educational Objectives Apply Comprehend Remember list, recite explain, paraphrase calculate, solve, determine, apply Analyze compare, contrast, classify, categorize, derive, model Synthesize create, construct, design, improve, produce, propose Evaluate judge, critique, justify, verify, assess, recommend
- 4. Kategori Kontrol berbasis Risiko 4 Source: Transforming Cybersecurity: Using COBIT 5, ISACA, 2013
- 5. Kerangka dan Standar – tinjauan SNI ISO 38500 COSO PP60/ 2008 COBIT ITIL v2 ITIL v3 SNI ISO 20000 SNI ISO 2700x SNI ISO 900x Common Criteria SNI ISO 15408 boardlevelmanagementtechnical
- 6. Kerangka dan Standar Keamanan Informasi SNI ISO 38500 COSO PP60/ 2008 COBIT for Information Security SNI ISO 27014:2014 Tata Kelola Keamanan Informasi SNI ISO 2700x Common Criteria SNI ISO 15408 boardlevelmanagementtechnical
- 7. Seri SNI 15408 – Kriteria Evaluasi Keamanan TI ISO/IEC 15408-1:2009 Evaluation criteria for IT security - Part 1: Introduction and general model SNI ISO/IEC 15408-1:2013 Teknologi informasi - Teknik keamanan - Kriteria evaluasi keamanan teknologi informasi - Bagian 1: Pengantar dan model umum ISO/IEC 15408-2:2008 Evaluation criteria for IT security - Part 2: Security functional components SNI ISO/IEC 15408-2:2013 Teknologi informasi - Teknik keamanan - Kriteria evaluasi keamanan teknologi informasi - Bagian 2: Komponen fungsional keamanan ISO/IEC 15408-3:2008 Evaluation criteria for IT security - Part 3: Security assurance components SNI ISO/IEC 15408-3:2013 Teknologi informasi - Teknik keamanan - Kriteria evaluasi keamanan teknologi informasi - Bagian 3: Komponen jaminan keamanan 7
- 8. Yang perlu diusulkan Seri SNI lain – Kriteria Evaluasi Keamanan TI • ISO/IEC 15443-1:2012 Information technology – Security techniques – A framework for IT Security assurance – Part 1: Introduction and concepts • ISO/IEC 15443-2:2012 Information technology – Security techniques – A framework for IT Security assurance – Part 2: Analysis • ISO/IEC 18045: Information technology – Security techniques – A framework for IT Security assurance – Methodology for IT Security Evaluation • ISO/IEC TR 15446 Information technology — Security techniques — Guide for the production of Protection Profiles and Security Targets 8
- 9. ITU-T Workshop - Geneva - February 2009 9 SC 27/WG 3 Security Evaluation Criteria IT Security Evaluation Criteria (CC) (SNI ISO/IEC 15408-x:2013) Evaluation Methodology (CEM) (IS 18045) PP/ ST Guide (TR 15446) Protection Profile Registration Procedures (IS 15292) A Framework for IT Security Assurance (TR 15443) Security Assessment of Operational Systems (TR 19791) Security Evaluation of Biometrics (FDIS 19792) Verification of Cryptographic Protocols (WD 29128) SSE-CMM (IS 21827) Secure System Engineering Principles and Techniques (NWIP) Responsible Vulnerability Disclosure (WD 29147) Test Requirements for Cryptographic Modules (IS 24759) Security Requirements for Cryptographic Modules (IS 19790)
- 10. Common Criteria Model Helmut Kurth, How Useful are Product Security Certifications for Users of the Product, June 2005
- 12. Evaluation Assurance Levels 1. Functionally tested 2. Structurally tested 3. Methodically tested and checked 4. Methodically designed, tested, and reviewed 5. Semi-formally designed and tested 6. Semi-formally verified design and tested 7. Formally verified design and tested
- 13. Diskusi 13
Editor's Notes
- 3