Barabanov iccc 2014 (2)

•Download as PPTX, PDF•

0 likes•1,170 views

Alexander Barabanov

Presentation from International Common Criteria Conference-2014

Presentations & Public Speaking

Russian IT Security Certification
Scheme: Steps Toward
Common Criteria Approach
Alexander Barabanov, Alexey Markov, Valentin Tsirlov

Agenda
2
 Brief overview
 Current status of the Russian IT Security
Certification Scheme
 Steps Toward Common Criteria Approach
 Final Remarks

Brief overview:
Historical Perspective
requirements for
antiviruses
(based on CC)
3
Establishment of
Russian IT Security
Certification Scheme
1995
1997
Mandatory
requirements for
firewall and access
control systems
1999 2003
Guidance based
on CC v.2.1
Mandatory
Mandatory
requirements for
IPS/IDS
(based on CC)
Mandatory
requirements for
source code
analysis
2012 2013

Brief overview:
who takes part in the certification process?
4

Brief overview: typical timeline
5
Obtaining FSTEC ID
Normally 1 month
Evaluation provided by Laboratory
3-4 months
Certification by Certification Body
1 month and more –
there may be delays:
- for solutions that will
be used for protection
of classified
information;
- If a state-owned
Certification authority
was chosen by FSTEC
Obtaining a certificate
from FSTEC of Russia
Normally 1 month

Brief overview:
Accredited Evaluation Laboratories
6

Brief overview:
Accredited Certification Bodies
7

Brief overview:
Classical Major Approaches to Evaluation
8
Evaluation of the security functionality
• Black box testing to ensure that TOE works as it should
Evaluation for the absence of non-declared
functions
• Testing of source code for the absence of software
vulnerabilities

Current status of the Russian Scheme:
Products
9

Current status of the Russian Scheme:
Certified Products by Types (1)
10
2011-2013
Evaluation Timeline

Current status of the Russian Scheme:
Certified Products by Types (2)
11

Current status of the Russian Scheme:
Russian vs. Non-Russian Developers
12

Current status of the Russian Scheme:
Non-Russian Developers (1)
13 13

Current status of the Russian Scheme:
Non-Russian Developers (2)
2011-2013 Evaluation
Timeline
14

Current status of the Russian Scheme:
Russian Developers
2011-2013 Evaluation
Timeline
15

Steps Toward Common Criteria Approach:
Step #1 (1)
16

Steps Toward Common Criteria Approach:
Step #1 (2)
17

Steps Toward Common Criteria Approach:
Step #1 (3)
2003-2013 Evaluation
Timeline
18

Steps Toward Common Criteria Approach:
Step #2 (1)
19

Steps Toward Common Criteria Approach:
Step #2 (2)
20

Steps Toward Common Criteria Approach:
Certified Products, Russian
21
TOE Developer Approved PP
Kaspersky
Endpoint Security
Kaspersky Lab. Host IDS, Antivirus,
Security Level 2
Kaspersky
Antivirus for
Novell NetWare
Kaspersky Lab. Antivirus,
Security Level 2
Security Studio
Endpoint
Protection
Security Code Host IDS, Antivirus,
Security Level 4 (~ EAL3+)
Kaspersky
Security Center
Kaspersky Lab. Antivirus,
Security Level 2
Continent 3.7 Security Code Network IDS, Security Level 3

Steps Toward Common Criteria Approach:
Certified Products, Non-Russian
22
TOE Developer Approved PP
Deep Security 8.0 Trend Micro Host IDS, Antivirus,
Security Level 4 (~ EAL3+)
McAfee NSP 7.1 McAfee Network IDS,
Security Level 5 (~ EAL2+)
Office Scan 10.6 Trend Micro Host IDS, Antivirus,
Security Level 4 (~ EAL3+)
McAfee Web
Gateway 7.4
McAfee Antivirus,
Security Level 5 (~ EAL2+)

Final Remarks
1. First certifications according to the new requirements are
23
certifications of non-Russian products.
2. More and more leading non-Russian developers provide
the Russian Evaluations Laboratories with access to their
source code, and this tendency shall be observed in
future.
3. Efficiency in detection of vulnerabilities in software
submitted for certification will enhance.
4. Russian developers will pay more for certification.
5. The number of actively working Evaluations Laboratories
will reduce.

Contact Information
24
 Alexander Barabanov, CISSP, CSSLP
Head of Certification and Testing Department
NPO Echelon
ab@cnpo.ru
 Alexey Markov, Ph.D, CISSP
CEO of NPO Echelon
am@cnpo.ru
 Valentin Tsirlov, Ph.D, CISSP, CISM
Executive Director of NPO Echelon
z@cnpo.ru

What's hot

Context: Software testing is a crucial step in most software development processes. Testing software is a key component to manage and assess the risk of shipping quality products to customers. But testing is also an expensive process and changes to the system need to be tested thoroughly which may take time. Thus, the quality of a software product depends on the quality of its underlying testing process and on the effectiveness and reliability of individual test cases. Goal: In this paper, we investigate the impact of the organizational structure of test owners on the reliability and effectiveness of the corresponding test cases. Prior empirical research on organizational structure has focused only on developer activity. We expand the scope of empirical knowledge by assessing the impact of organizational structure on testing activities. Method: We performed an empirical study on the Windows build verification test suites (BVT) and relate effectiveness and reliability measures of each test run to the complexity and size of the organizational sub-structure that enclose all owners of test cases executed. Results: Our results show, that organizational structure impacts both test effectiveness and test execution reliability. We are also able to predict effectiveness and reliability with fairly high precision and recall values. Conclusion: We suggest to review test suites with respect to their organizational composition. As indicated by the results of this study, this would increase the effectiveness and reliability, development speed and developer satisfaction. More details: ESEM 2014 presentation for paper "The Impact of Test Ownership and Team Structure on the Reliability and Effectiveness of Quality Test Runs". For more details please see http://dl.acm.org/citation.cfm?id=2652524.2652535&coll=DL&dl=GUIDE&CFID=569962862&CFTOKEN=20804180.

The Impact of Test Ownership and Team Structure on the Reliability and Effect...

Kim Herzig

It's Not a Bug, It's a Feature — How Misclassification Impacts Bug Prediction

sjust

Empircal Studies of Performance Bugs & Performance Analysis Approaches for La...

SAIL_QU

Issre2014 test defectprediction

Kim Herzig

Robustness testing

CS, NcState

Steven Arzt — CHOOSE Talk — 2016-11-15 http://www.choose.s-i.ch/events/arzt-2016/ Android malware is getting more and more sophisticated. So-called "sleeper" applications only trigger their malicious behavior after a certain time has passed or event has happened, effectively evading many dynamic analysis techniques. Other techniques include integrity checks as well as detectors for emulators, rooted devices, and hooks. If any such sign is detected, the malware refrains from its actual malicious behavior. For countering static analyses, these apps apply code encryption, packers, and code obfuscators. Together, these features render most automated analyses ineffective, leaving a manual analysis as the only viable option — a very difficult and time-consuming undertaking. To alleviate the problem, we propose CodeInspect, a new integrated reverse-engineering environment extending the Eclipse IDE and targeting sophisticated state-of-the-art malware apps for Android. CodeInspect not only features an interactive debugger that can work on the bytecode level, but also various static and dynamic analyses that support the human analyst. One can display data flows inside the app, check which permissions are used where in the code, what strings are computed or decrypted at runtime, which code is dynamically loaded and more. Reverse engineers can even add new Java source classes or projects into the application, which can then be called from the original app’s code. This is especially useful when implementing decryption methods which can be directly tested in place.

Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis

CHOOSE

SpecTRM

CS, NcState

Can Automated Impact Analysis Technique Help Predicting Decaying Modules?

Shinpei Hayashi

Levels of testing

Ranjeet Singh

Introduction to penetration testing

Amine SAIGHI

Market research survey on Internet attacks reports that more than 70% of the attacks are on the application layer. This is because 1. More valuable information (electronic money details) is at the application level and 2. Relatively there are more unaddressed vulnerabilities. Considering the fact that there are still inadequate adoption of security development practices across the numerous application development communities, the security testing of the web applications becomes highly critical and rigorous. In our project we have created a penetration testing tool (Black Box Testing Tool) that will check for vulnerabilities in a semi – automated fashion on a target web application. We have tested and demonstrated the functionality and effectiveness of our tool by running this tool on 1. On a target vulnerable web application created by us and 2. On live web sites of a customer organization. The results have been revealing and have been documented appropriately in the following report. We have also provided recommendations as part of corrective action against the discovered vulnerabilities and statements of best practices based on ISO27002 and such other organizations as a preventive action in order to avoid recurrence of such vulnerabilities.

Semi-Automated Security Testing of Web applications

Ram G Athreya

Testy dymne, integracyjne i jednostkowe w Laravel

Laravel Poland MeetUp

Understanding the Rationale for Updating a Function's Comment

SAIL_QU

What's hot (13)

The Impact of Test Ownership and Team Structure on the Reliability and Effect...

It's Not a Bug, It's a Feature — How Misclassification Impacts Bug Prediction

Empircal Studies of Performance Bugs & Performance Analysis Approaches for La...

Issre2014 test defectprediction

Robustness testing

Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis

SpecTRM

Can Automated Impact Analysis Technique Help Predicting Decaying Modules?

Levels of testing

Introduction to penetration testing

Semi-Automated Security Testing of Web applications

Testy dymne, integracyjne i jednostkowe w Laravel

Understanding the Rationale for Updating a Function's Comment

Similar to Barabanov iccc 2014 (2)

Code reviews have been conducted since decades in software projects, with the aim of improving code quality from many different points of view. During code reviews, developers are supported by checklists, coding standards and, possibly, by various kinds of static analysis tools. This paper investigates whether warnings highlighted by static analysis tools are taken care of during code reviews and, whether there are kinds of warnings that tend to be removed more than others. Results of a study conducted by mining the Gerrit repository of six Java open source projects indicate that the density of warnings only slightly vary after each review. The overall percentage of warnings removed during reviews is slightly higher than what previous studies found for the overall project evolution history. However, when looking (quantitatively and qualitatively) at specific categories of warnings, we found that during code reviews developers focus on certain kinds of problems. For such categories of warnings the removal percentage tend to be very high—often above 50% and sometimes 100%. Examples of those are warnings in the imports, regular expression, and type resolution categories. In conclusion, while a broad warning detection might produce way too many false positives, enforcing the removal of certain warnings prior to the patch submission could reduce the amount of effort provided during the code review process.

Would Static Analysis Tools Help Developers with Code Reviews?

Sebastiano Panichella

X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf

nattamailru

Дмитро Терещенко, "How to secure your application with Secure SDLC"

Sigma Software

GenerationRFID_Corp_2015_02

Albert Escala

Standards for safety and security in avionics

Alessandro Bruni

Basic of Software Testing.pptx

aparna14patil

Manual Testing Guide1.pdf

Khushal Chate

Software Quality Assurance

Rohana K Amarakoon

IRJET- Research Study on Testing Mantle in SDLC

IRJET Journal

PCI and Vulnerability Assessments - What’s Missing

Black Duck by Synopsys

Software development life cycle

Unit 2 unit testing

Unit 2 Unit Testing

00.pdf

Zero-bug Software, Mathematically Guaranteed

Ashley Zupkus

Appearance of 64-bit processors on PC market made developers face the task of converting old 32-bit applications for new platforms. After the migration of the application code it is highly probable that the code will work incorrectly. This article reviews questions related to software verification and testing. It also concerns difficulties a developer of 64-bit Windows application may face and the ways of solving them.

Traps detection during migration of C and C++ code to 64-bit Windows

PVS-Studio

Test-Driven Code Review: An Empirical Study

Delft University of Technology

5WCSQ - Quality Improvement by the Real-Time Detection of the Problems

Takanori Suzuki

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

When created early in the product development lifecycle, a trace matrix can do more than just help you gain FDA approval for your device. Unfortunately, many companies create the matrix sporadically during a project, mainly right before regulatory submission—too late to capture the benefits a well-maintained matrix can deliver. During this recorded webinar, guest speaker Steve Rakitin, President of Software Quality Consulting, discussed five of the benefits gained by maintaining a matrix throughout the project. A software engineer with more than 20 years of experience in the medical device industry, Steve explains how a trace matrix can help you: - Plan and estimate testing and validation needs - Ensure all requirements are implemented - Verify that all requirements have been tested - Manage change throughout product development - Provide evidence that hazard mitigations are implemented and validated

Sw qual joint webinar deck (5)

Seapine Software

Similar to Barabanov iccc 2014 (2) (20)

Would Static Analysis Tools Help Developers with Code Reviews?

X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf

Дмитро Терещенко, "How to secure your application with Secure SDLC"

GenerationRFID_Corp_2015_02

Standards for safety and security in avionics

Basic of Software Testing.pptx

Manual Testing Guide1.pdf

Software Quality Assurance

IRJET- Research Study on Testing Mantle in SDLC

PCI and Vulnerability Assessments - What’s Missing

Software development life cycle

Unit 2 unit testing

Unit 2 Unit Testing

00.pdf

Zero-bug Software, Mathematically Guaranteed

Traps detection during migration of C and C++ code to 64-bit Windows

Test-Driven Code Review: An Empirical Study

5WCSQ - Quality Improvement by the Real-Time Detection of the Problems

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Sw qual joint webinar deck (5)

Recently uploaded

Causes of poverty in France presentation.pptx

CamilleBoulbin1

Report Writing Webinar Training

KylaCullinane

Dreaming Music Video Treatment _ Project & Portfolio III

NhPhngng3

Yesterday in Lagos, I had the honour of delivering a lecture titled “If this Giant Must Walk; Manifesto for a New Nigeria“ at the Inaugural Memorial Lecture of Prince Emeka Obasi, founder and publisher of Business Hallmark and the inspirational figure behind the Public Policy Research and Analysis Centre - promoters of the revered Zik Leadership and Governance Awards. My lecture focused on the challenges of nation-building in Nigeria and how we can approach them in a way that promotes progress and unity. I discussed the many sources of concern about our country’s future prospects, including violent conflicts, revisionist contestations of the Amalgamation Act of 1914, discontent with the Nigerian economy, and dysfunctions in the federal system. Central to my lecture was the call to address these challenges by crafting a new manifesto for Nigeria. This manifesto, I proposed, should champion integrity, compassion, character, competence, and commitment to national unity and progress within a framework of democratic governance and cultural diversity. I firmly believe that by doing so, we can guide Nigeria to stride forward with pride and purpose. I want to thank the Board and Management of the Public Policy Forum for their kind invitation to speak at this important event and for their commitment to promoting public policy research and analysis in Nigeria. My gratitude also to the late Prince Emeka Obasi, a true inspiration and a builder of bridges across divides, for his contributions to the country. My thoughts are with his family and loved ones.

If this Giant Must Walk: A Manifesto for a New Nigeria

Kayode Fayemi

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

amilabibi1

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified

Delhi Call girls

Dreaming Marissa Sánchez Music Video Treatment

nswingard

• For a full set of 390+ questions. Go to https://skillcertpro.com/product/aws-data-engineer-associate-dea-c01-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

SkillCertProExams

ICT role in 21st century education and it's challenges.pdf

Islamia university of Rahim Yar khan campus

My Presentation "In Your Hands" by Halle Bailey

hlharris

Digital collaboration with Microsoft 365 as extension of Drupal

Fabian de Rijk

Thirunelveli call girls Tamil escorts 7877702510

Vipesco

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx

raffaeleoman

Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...

Pooja Nehwal

I had the honour of presenting my reflections on the autobiography of Professor Isaac Folorunso Adewole, titled "Uncommon Grace." As someone deeply invested in documentation and history, I found Professor Adewole's decision to narrate his journey from humble beginnings to occupying one of the highest offices in the land both inspiring and invaluable. In this eloquently written memoir, Professor Adewole provides a comprehensive account of his life, from his ancestral roots to his time as Minister of Health in Nigeria. The unique aspect of this autobiography is that he portrayed himself authentically without taking the help of third-party narratives, which is often seen in accounts of high-ranking officials. His upbringing was greatly influenced by his father's commitment to education. He became a prominent figure in advocating for the rights of the underprivileged through trade unionism. His story is one of unwavering determination, resilience, and faith. His experiences, including both successes and struggles, provide priceless lessons on leadership, perseverance, and the alignment of personal values with public service. While reading "Uncommon Grace," I was struck by the deep leadership lessons that are embedded within its chapters. Professor Adewole stresses the importance of inclusivity, servant leadership, and planning, which are all highly relevant in today's complex world. His commitment to accountability, as well as his primary responsibility as a researcher, serves as a guiding light for aspiring leaders across various disciplines. During his tenure as the Vice Chancellor of the University of Ibadan, he led with visionary leadership and transformative impact. His accomplishments have been meticulously documented in the book, which can serve as a blueprint for rejuvenating institutions and promoting academic excellence. In the latter part of his autobiography, Professor Adewole shares his experiences as a Minister, detailing the challenges he faced while serving the public with integrity and courage. His reflections on the complexities of public service, coupled with his commitment to the well-being of the nation, offer practical insights for policymakers and citizens alike. I have carefully read "Uncommon Grace" and it is more than just a memoir. It is a timeless book that is hard to put down once you start reading. While intellectuals may continue to debate whether uncommon grace was made possible by uncommon preparation or the other way around, I applaud Professor Adewole for sharing his ideas, knowledge, and experience with the public. I highly recommend this book to everyone.

Uncommon Grace The Autobiography of Isaac Folorunso

Kayode Fayemi

Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...

Delhi Call girls

lONG QUESTION ANSWER PAKISTAN STUDIES10.

lodhisaajjda

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf

Senaatti-kiinteistöt

Recently uploaded (18)

Causes of poverty in France presentation.pptx

Report Writing Webinar Training

Dreaming Music Video Treatment _ Project & Portfolio III

If this Giant Must Walk: A Manifesto for a New Nigeria

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified

Dreaming Marissa Sánchez Music Video Treatment

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

ICT role in 21st century education and it's challenges.pdf

My Presentation "In Your Hands" by Halle Bailey

Digital collaboration with Microsoft 365 as extension of Drupal

Thirunelveli call girls Tamil escorts 7877702510

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx

Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...

Uncommon Grace The Autobiography of Isaac Folorunso

Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...

lONG QUESTION ANSWER PAKISTAN STUDIES10.

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf

Barabanov iccc 2014 (2)

1. Russian IT Security Certification Scheme: Steps Toward Common Criteria Approach Alexander Barabanov, Alexey Markov, Valentin Tsirlov

2. Agenda 2  Brief overview  Current status of the Russian IT Security Certification Scheme  Steps Toward Common Criteria Approach  Final Remarks

3. Brief overview: Historical Perspective requirements for antiviruses (based on CC) 3 Establishment of Russian IT Security Certification Scheme 1995 1997 Mandatory requirements for firewall and access control systems 1999 2003 Guidance based on CC v.2.1 Mandatory Mandatory requirements for IPS/IDS (based on CC) Mandatory requirements for source code analysis 2012 2013

4. Brief overview: who takes part in the certification process? 4

5. Brief overview: typical timeline 5 Obtaining FSTEC ID Normally 1 month Evaluation provided by Laboratory 3-4 months Certification by Certification Body 1 month and more – there may be delays: - for solutions that will be used for protection of classified information; - If a state-owned Certification authority was chosen by FSTEC Obtaining a certificate from FSTEC of Russia Normally 1 month

6. Brief overview: Accredited Evaluation Laboratories 6

7. Brief overview: Accredited Certification Bodies 7

8. Brief overview: Classical Major Approaches to Evaluation 8 Evaluation of the security functionality • Black box testing to ensure that TOE works as it should Evaluation for the absence of non-declared functions • Testing of source code for the absence of software vulnerabilities

9. Current status of the Russian Scheme: Products 9

10. Current status of the Russian Scheme: Certified Products by Types (1) 10 2011-2013 Evaluation Timeline

11. Current status of the Russian Scheme: Certified Products by Types (2) 11

12. Current status of the Russian Scheme: Russian vs. Non-Russian Developers 12

13. Current status of the Russian Scheme: Non-Russian Developers (1) 13 13

14. Current status of the Russian Scheme: Non-Russian Developers (2) 2011-2013 Evaluation Timeline 14

15. Current status of the Russian Scheme: Russian Developers 2011-2013 Evaluation Timeline 15

16. Steps Toward Common Criteria Approach: Step #1 (1) 16

17. Steps Toward Common Criteria Approach: Step #1 (2) 17

18. Steps Toward Common Criteria Approach: Step #1 (3) 2003-2013 Evaluation Timeline 18

19. Steps Toward Common Criteria Approach: Step #2 (1) 19

20. Steps Toward Common Criteria Approach: Step #2 (2) 20

21. Steps Toward Common Criteria Approach: Certified Products, Russian 21 TOE Developer Approved PP Kaspersky Endpoint Security Kaspersky Lab. Host IDS, Antivirus, Security Level 2 Kaspersky Antivirus for Novell NetWare Kaspersky Lab. Antivirus, Security Level 2 Security Studio Endpoint Protection Security Code Host IDS, Antivirus, Security Level 4 (~ EAL3+) Kaspersky Security Center Kaspersky Lab. Antivirus, Security Level 2 Continent 3.7 Security Code Network IDS, Security Level 3

22. Steps Toward Common Criteria Approach: Certified Products, Non-Russian 22 TOE Developer Approved PP Deep Security 8.0 Trend Micro Host IDS, Antivirus, Security Level 4 (~ EAL3+) McAfee NSP 7.1 McAfee Network IDS, Security Level 5 (~ EAL2+) Office Scan 10.6 Trend Micro Host IDS, Antivirus, Security Level 4 (~ EAL3+) McAfee Web Gateway 7.4 McAfee Antivirus, Security Level 5 (~ EAL2+)

23. Final Remarks 1. First certifications according to the new requirements are 23 certifications of non-Russian products. 2. More and more leading non-Russian developers provide the Russian Evaluations Laboratories with access to their source code, and this tendency shall be observed in future. 3. Efficiency in detection of vulnerabilities in software submitted for certification will enhance. 4. Russian developers will pay more for certification. 5. The number of actively working Evaluations Laboratories will reduce.

24. Contact Information 24  Alexander Barabanov, CISSP, CSSLP Head of Certification and Testing Department NPO Echelon ab@cnpo.ru  Alexey Markov, Ph.D, CISSP CEO of NPO Echelon am@cnpo.ru  Valentin Tsirlov, Ph.D, CISSP, CISM Executive Director of NPO Echelon z@cnpo.ru

25. 25 Thank you for your attention!

Barabanov iccc 2014 (2)

Recommended

Recommended

More Related Content

What's hot

What's hot (13)

Similar to Barabanov iccc 2014 (2)

Similar to Barabanov iccc 2014 (2) (20)

Recently uploaded

Recently uploaded (18)

Barabanov iccc 2014 (2)