This course provides a basic introduction to the services delivered by the MyCC Scheme, Common Criteria evaluation and certification concepts and benefits of product/IT system security evaluation. It also serves as a basic guidelines in understanding documents such as Security Targets and Protection Profiles, understanding the role of the sponsor/ developer and what is needed as requirements to participating in Common Criteria evaluation and certification processes.

 

1. Increase awareness on the benefits of the product/IT system security evaluation plus certification processes and IT evaluation concepts
2. Learn about MyCC Scheme that includes the MyCC Scheme policy framework, roles and responsibilities, and MyCC Scheme services
3. Identify the layout of Common Criteria (CC) knowledge, Security Target (ST) document structure and its privilege, Protection Profile (PP) guidance as a reference document and Assurance Maintenance perspective
4. Understand the roles and responsibilities of the Sponsor and Developer in Common Criteria Evaluation and Certification processes

 

1. Consumers, Developers and Sponsors
2. Potential Common Criteria/IT Product Consultants
3. Technical Writer interested in learning Common Criteria and MyCC Scheme
4. Any interested parties

IT Security Evaluation
This module provides a background to IT security concepts and evaluation. The topics covered include:

1. the value of Information
2. the importance of Information Technology
3. the need for Information Security
4. the concept of Assurance
5. the benefits of IT Security Evaluation

Overview of the MyCC Scheme
This module provides an overview of the MyCB functions, roles and responsibilities, Recognition Arrangements, and policy framework. The topics covered include:

1. MyCC Scheme background and history
2. Common Criteria Recognition Arrangement
3. What is a certification and evaluation scheme
4. MyCC Scheme services
5. MyCC Scheme roles and responsibilities
6. MyCC Scheme documentation

Introduction to CC, STs and the PPs
This module provides a high level overview of Common Criteria (CC) and Methodology, as well as detailing the Security Target (ST)/ Protection Profile (PP) and how they form the foundation of evaluations. The following topics are included:

1. The history, purpose, paradigm, terminology and structure of the Common Criteria
2. How the Common Criteria defines assurance
3. The purpose and components of a Security Target
4. The purpose and components of a Protection Profile
5. The differences between Assurance packages

MyCC Scheme Evaluation and Maintenance
This module provides a basic level competency in supporting evaluations (as a developer/sponsor). The topics covered include:

1. Supporting an ICT security evaluation
2. Evaluation evidence
3. CC Maintenance of Assurance Paradigm
4. Writing an Impact Assessment Report (IAR)
5. Reviewing an Impact Assessment Report (IAR)

Pn. Hasnida Binti Zainuddin
Senior Analyst
Information Security Certification Body
CyberSecurity Malaysia

Hasnida binti Zainuddin had joined CyberSecurity Malaysia for more than 8 years. She had undertaken the cyber security certification auditing whilst managing a Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme and MyTrustSEAL Service in Information Security Certification Body Department (ISCB). Graduated from University of Malaya, majoring in Information Technology (Management), she started her working experience in Human Resources Department under Manpower Planning team and was responsible for the Human Resources Information System (HRIS) as the System Administrator. Then she gained new experience for 4 years under the Governance, Risk and Compliance team and became as a consultant for the ISO 27001 implementation. She is also certified as Lead Auditor for ISO 27001 and ISO 22301.



Pn. Norahana Binti Salimin
Head of Department
Malaysian Security Evaluation Facility (MYSEF)
CyberSecurity Malaysia

Infosec specialist graduated from Multimedia University, Malaysia and has a degree in B.Eng (Hons) Electronics majoring in Computer. She holds GPEN, GSNA, ECES and Lead Auditor ISMS professional certifications. She is specialized in ISO/IEC 15408 (Common Criteria), well verse in ISO/IEC 17025 and a practitioner of ISMS.



Ts. Ahmad Dahari Bin Jarno
Senior Analyst
Malaysian Security Evaluation Facility (MYSEF)
CyberSecurity Malaysia

Ahmad Dahari Bin Jarno, proudly holds cybersecurity professional certifications and experienced wisely in Common Criteria Evaluation & Certification and cybersecurity penetration testing more than 10 years. Graduated from Malaysia Multimedia University (MMU) as Bachelor (BHons) of Electronics Engineering Majoring in Computer. Started his career with CyberSecurity Malaysia as Security Analyst and currently with given trust as Research Lead (XPERTS Unit) under CyberSecurity Malaysia MySEF (CSM MySEF) Department, dedicating all his work in Common Criteria ICT product evaluation & certification and cybersecurity assessment with additions of leading a team in exploration of cybersecurity research, development and advisory that produce in-house solutions such as: test method, test tools, guideline, trainings and etc. In the domain of cybersecurity as his passion, exposed and experienced widely in the area of network security assessments, various type of penetration testing, web application assessment, web servers/appliances compliance testing and security audit. New exploration technology covers cybersecurity on Smart Card (OS, Applet & Reader) Evaluation, Hardware Security, Biometric Fingerprint Security, and innovation of assessment in Cloud Computing Security.

 

• 22 February 2023
• 19 September 2023

*dates are tentative, unless specified

MYR1,200.00 (subject to 6% SST)

Please click here to register

Contact us to request for a quotation

6 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org

Click here to download brochure