KYBS1000 Kyberturvallisuuden ajankohtaisia teemoja (1–10 op)

Avaa opintojakson esite Sisussa

Opinnon taso:

Syventävät opinnot

Arviointiasteikko:

Hyväksytty - hylätty

Suorituskieli:

englanti, suomi

Vastuuorganisaatio:

Informaatioteknologian tiedekunta

Opetussuunnitelmakaudet:

2017-2018, 2018-2019, 2019-2020

Kuvaus

Osaamistavoitteet

Suoritustavat

Tapa 1

Valitaan kaikki merkityt osat

Suoritustapojen osat

Osallistuminen opetukseen (1–10 op)

Tyyppi:

Osallistuminen opetukseen

Arviointiasteikko:

Hyväksytty - hylätty

Suorituskieli:

englanti, suomi

Opetus

6.6.–10.6.2022 Luento-opetus, Evaluation and certification of IT security products (3 ects)

Ilmoittautumisaika:

19.5.2022 0.00–2.6.2022 23.59

Tyyppi:

Luento-opetus

Suorituskieli:

englanti

Vastuuorganisaatio:

Informaatioteknologian tiedekunta

Lisätietoja:

Lecturer: Jussipekka Leiwo, Ph.D.

Participation in each class required for a Pass grade. Otherwise a Fail grade shall be assigned.

*****

Introduction and Motivation

From the numerous standards and models for information security assurance, some target information security policies, some target information security procedures and some target IT Security products. Further, various standards and models focus on different life-cycle stages on the assurance target.

While many of the standards and models for the assurance on information security policies and procedures (e.g. the ISO27001 series) are well understood, those on the assurance on IT Security products are not that widely known. This is troubling as IT Security products (i.e. devices performing fundamental security functions) are in the core of the information society and it is widely recognized that the trustworthiness of the IT Security products deployed in the critical information infrastructure is not sufficient.

This course establishes a conceptual framework for the security assurance on IT Security products and proceeds to elaborate on the use of Common Criteria (CC) as a standard for rigorous engineering of high assurance IT Security products. CC is a suite of international standards and interpretations, overseen by the international management board, where the evaluation and certification results, when carried out in accordance with the agreed upon oversight, are internationally recognized among the nations that are signatories to the International Common Criteria Recognition Arrangement (CCRA).

In the EU, a number of security standards for the critical IT Security products (smart card integrated circuits and operating systems, crypto boxes, IoT devices, components of the Public Key Infrastructure (PKI), etc.) are expressed using the CC. In North America, any IT Security product to be deployed in government systems must be CC certified. Finland is a signatory to the CCRA with TRAFICOM representing Finland.