
Standards

Let us now examine the role of standards and, in particular, the role that evaluation and certification have to play in risk management. We will again use the Expert risk assessment technology to illustrate our ideas.

Take a close look at the following graph. It shows the effect of applying the Common Criteria at different Evaluation Assurance Levels (EALs), in combination with the application of BS 7799-2.

Graph showing that overall risk is a function of both the CC EAL and whether an ISMS exists, is in place or is certified. The least risk is at EAL7 with a certified ISMS. The greatest risk is when the system is unevaluated and there is no ISMS. An unevaluated system with an ISMS in place is roughly equivalent to an EAL4 evaluation with no ISMS.

Here we see that BS 7799 certification with unevaluated products reduces risk about as well as Common Criteria evaluation alone at EAL4, the lowest of the higher assurance levels. In some sense, we may regard BS 7799 certification as a continuous system evaluation process, and it is less expensive. The certification costs so far appear to be commensurate with ISO 9000 certification and therefore amount to a few days' effort per year. However, we also see that the combined effect of BS 7799 certification together with evaluated products leads to greater risk reduction. For some systems (e.g. those with high asset values to protect) this combined approach would be more suitable.

Modelling BS 7799-2

The ISMS can simply be regarded as a threat safeguard that acts to reduce the capability of an attacker. The individual controls cited within BS 7799-2:1999 Section 4 are represented by threat, vulnerability or asset safeguards, with corresponding vulnerability definitions for the vulnerability safeguards.

Modelling Common Criteria

In the Common Criteria case, the threats and security objectives, as described in the Protection Profile or Security Target, are first represented as vulnerabilities and safeguards. Secondly, the risk mitigation effect of the Security Enforcing Functions (SEFs) is assigned a value in accordance with the EAL. For example, on a 1-5 scale we may assign the value 1 for an unevaluated SEF, the value 2 for EAL1, the value 3 for EAL4 and the value 5 for EAL7. Thirdly, it makes sense to model the effect of the "undiscovered" vulnerability, e.g. by declaring it as a vulnerability with "evaluation" safeguards that progressively mitigate it in accordance with the EAL concerned, since a higher EAL means more of the product has been examined. Finally, account needs to be taken of weak and medium Strength of Function (SOF) claims, e.g. by capping the mitigation effect of the corresponding safeguards, because a high EAL does not make a weak mechanism strong.
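The following is an added worked example, not the Expert tool's own model or code. It implements the four steps above, together with the "ISMS as a threat safeguard" idea from the BS 7799-2 section, as a small Python risk calculator. The 1-5 mitigation scale and the anchor values (unevaluated 1, EAL1 2, EAL4 3, EAL7 5) are taken from the page; the linear interpolation for the other EALs, the SOF caps, the values assigned to an ISMS that is in place or certified, the residual-factor formula and the sample vulnerabilities are all assumptions, chosen so that the output reproduces the shape of the graph (unevaluated with an ISMS in place comes out level with EAL4 and no ISMS).

```python
"""Illustrative risk model: Common Criteria EAL combined with an ISMS.

Constructed example for this page, not the Expert tool's own model.
The 1-5 mitigation scale and the anchor values (unevaluated -> 1,
EAL1 -> 2, EAL4 -> 3, EAL7 -> 5) are the page's; everything else
(interpolation, SOF caps, ISMS values, the residual formula and the
sample vulnerabilities) is an assumption chosen to reproduce the
shape of the graph.
"""
from dataclasses import dataclass
from typing import Optional

# Page's anchor values for the mitigation effect of a SEF at a given EAL.
# EAL 0 stands for "unevaluated".
EAL_MITIGATION = {0: 1.0, 1: 2.0, 4: 3.0, 7: 5.0}

# Assumption: a weak or medium Strength of Function caps the SEF's value.
SOF_CAP = {"weak": 2.0, "medium": 3.0, "high": 5.0}

# Assumption: the ISMS modelled as a threat safeguard on the same 1-5 scale.
ISMS_MITIGATION = {"none": 1.0, "in_place": 3.0, "certified": 4.0}


def eal_mitigation(eal: int) -> float:
    """Mitigation value of an evaluated SEF (step 2).

    EALs between the page's anchors are interpolated linearly (assumption).
    """
    if not 0 <= eal <= 7:
        raise ValueError(f"EAL must be 0 (unevaluated) to 7, got {eal}")
    if eal in EAL_MITIGATION:
        return EAL_MITIGATION[eal]
    lo = max(k for k in EAL_MITIGATION if k < eal)
    hi = min(k for k in EAL_MITIGATION if k > eal)
    frac = (eal - lo) / (hi - lo)
    return EAL_MITIGATION[lo] + frac * (EAL_MITIGATION[hi] - EAL_MITIGATION[lo])


def residual_factor(mitigation: float) -> float:
    """Fraction of a base level left after a safeguard of the given value.

    Value 1 leaves 100%, value 5 leaves 20% (assumed linear scale).
    """
    return (6.0 - mitigation) / 5.0


@dataclass(frozen=True)
class Vulnerability:
    name: str
    base_level: float   # exposure before safeguards, 1-5
    asset_value: float  # value of the asset it exposes, 1-5
    # SOF claim of the SEF countering it. None marks the "undiscovered"
    # vulnerability of step 3, mitigated only by the evaluation itself.
    sof: Optional[str]


def safeguard_value(vuln: Vulnerability, eal: int) -> float:
    """Steps 2 and 4: EAL-derived value, capped by a weak/medium SOF claim."""
    value = eal_mitigation(eal)
    if vuln.sof is not None:
        value = min(value, SOF_CAP[vuln.sof])
    return value


def system_risk(vulns, eal: int, isms: str) -> float:
    """Sum of threat x vulnerability x asset over all vulnerabilities.

    The ISMS (threat safeguard) reduces attacker capability; the EAL
    (vulnerability safeguard) reduces each vulnerability's exposure.
    """
    threat_capability = 5.0 * residual_factor(ISMS_MITIGATION[isms])
    total = 0.0
    for v in vulns:
        exposure = v.base_level * residual_factor(safeguard_value(v, eal))
        total += threat_capability * exposure * v.asset_value
    return round(total, 2)


# Constructed sample system: one vulnerability countered by a SEF with a
# high SOF claim, plus the "undiscovered" vulnerability of step 3.
SAMPLE = (
    Vulnerability("authentication bypass", base_level=5, asset_value=5, sof="high"),
    Vulnerability("undiscovered flaw", base_level=5, asset_value=5, sof=None),
)

# Same system, but the SEF only meets SOF-medium, so its value is capped at 3.
SAMPLE_MEDIUM_SOF = (
    Vulnerability("authentication bypass", base_level=5, asset_value=5, sof="medium"),
    SAMPLE[1],
)


def compare_scenarios(vulns=SAMPLE) -> dict:
    """Risk at the corners of the page's graph plus the two middle points."""
    return {
        "unevaluated, no ISMS": system_risk(vulns, 0, "none"),
        "EAL4, no ISMS": system_risk(vulns, 4, "none"),
        "unevaluated, ISMS in place": system_risk(vulns, 0, "in_place"),
        "EAL7, no ISMS": system_risk(vulns, 7, "none"),
        "EAL7, certified ISMS": system_risk(vulns, 7, "certified"),
    }


if __name__ == "__main__":
    for label, risk in compare_scenarios().items():
        print(f"{label:32s} {risk:7.1f}")
    capped = system_risk(SAMPLE_MEDIUM_SOF, 7, "certified")
    print(f"{'EAL7, certified, SOF-medium SEF':32s} {capped:7.1f}")
```

Running the script lists the scenarios in the order of the graph: the unevaluated system with no ISMS scores highest, EAL4 with no ISMS and an unevaluated system with an ISMS in place tie, and EAL7 with a certified ISMS scores lowest. The last line shows the effect of step 4: at EAL7 a SEF that only claims SOF-medium is capped at the EAL4 value, so the residual risk doubles even though the "undiscovered" vulnerability is still mitigated in full.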

Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001:2000 registered company, certified for the provision of information security consultancy. BSI certificate numbers IS 85916 and FS 30710. Please send comments to webmaster@gammassl.co.uk or complete our Visitors' Book. Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK. Tel: +44 1276 702500 - Fax: +44 1276 692903. Copyright © Gamma Secure Systems Limited 1999-2003
Page last updated: 17 January, 2003