IT Security Companies to Host Protection Profile Developer Workshop

IT Security Companies to Host Protection Profile Developer Workshop

Austin, TX, 01-07-2011–Parallel to this year’s RSA conference in San Francisco, a group of IT security companies (Apex Assurance, Aspect Labs, atsec information security, Cygnacom, and EWA) will host a one-day workshop on the topic of Protection Profile (PP) development. This event is aimed at experts in information security with good knowledge of Common Criteria, who are engaged in developing Protection Profiles as part of their professional activities.

The event will take place on February 15th 2011, 9:00 am to 5:00 pm at:
InterContinental Hotel, Howard Room, 4th floor
888 Howard Street
San Francisco, CA 94103

Writing a good Protection Profile that captures the security problem of the sponsor and can be used by developers and evaluators with specific TOEs requires a significant investment of effort.

The Common Criteria is an internationally-accepted standard used as a basis for the evaluation of security functions and properties within Information Technology products and systems. Protection Profiles specify an agreed set of security requirements for a class of IT products and are often used in purchasing decisions by IT product purchasers such as large corporations and government bodies.

There has been a lot of activity in developing Protection Profiles that are relevant and meaningful to a particular industry or IT product class. Recent success includes collaborative work on defining PPs for Operating Systems, Multi Function Printers, and Smartcards. Others are already underway or in the planning stages.

Helmut Kurth, Chief Scientist for atsec, will be the tutor for the workshop. He is co-editor of ISO/IEC TR 15446, “A guide for the production of Protection Profiles and Security Targets.” He advised the IEEE on the development of their protection profiles for multi-function printers and was co-editor for the Operating System Protection Profile published in 2010.

The workshop will include round-table discussions on topics related to protection profiles, eliciting industry knowledge and experience on topics such as FIPS 140-2 in Common Criteria, and information on the subject of composition of security assurance.

The registration fee for this event is $200. Please register at

We invite participants to join us for a networking event following the workshop in the Freemont room on the 4th floor: 6:00 pm–9:00 pm on February 15th, 2011.

If you have any questions about the event, please contact:

Andreas Fabis

About Apex Assurance Group

Apex Assurance Group is an information security consulting firm dedicated to helping companies create opportunity, sustain competitive advantage, and increase market share in the US Federal and Global Government markets.

We help clients achieve FIPS 140 and Common Criteria certifications, and we provide industry-leading experience in assurance program management to help reduce costs of certification and expedite time-to-market.

Apex Assurance Group also supports certification and accreditation processes and provides feedback and training on the latest assurance standards and processes.

About Aspect Labs

Aspect Labs is an independent accredited FIPS and Common Criteria lab located in the heart of Silicon Valley. We established ourselves as leaders in computer security and cryptography evaluation, including cryptographic algorithms, protocols and hardware. Our team consists of highly experienced security experts with experience from Sun Microsystems, Hewlett Packard, Stanford University and a number of security startups. We pride ourselves on working closely with our clients, be it a start-up or a multinational company, from the initial consultation meeting through an approval by the Government Validators.

About atsec information security

atsec information security corporation is a US Government accredited lab for testing information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology.

Combining all of our technology security experience and expertise, atsec information security corporation additionally provides strong consulting skills for: our services; network penetration testing; embedded systems and hardware security testing and analysis; the Federal Information Security Management Act (FISMA); Information Systems Security Management Systems (ISMS); and independent security assessments based on your individual needs.

About CygnaCom Solutions

CygnaCom Solutions Inc., headquartered in McLean, VA and founded in 1994, specializes in Public-Key Infrastructure (PKI), Information Assurance and system security engineering. CygnaCom provides risk assessments, security architecture, identity/privilege management and security assurance consulting. CygnaCom operates security-testing laboratories accredited by NIST’s National Voluntary Laboratory Accreditation Program (NVLAP) to conduct product evaluations and validations to US government standards for information assurance (Common Criteria), FIPS 140-2 and approved algorithms, PIV, and SCAP. CygnaCom Solutions is now a wholly owned subsidiary of Entrust, Inc., a global leader in information assurance and identity management products. Entrust is a US corporation, headquartered in Dallas, Texas.

About EWA – Canada

Electronic Warfare Associates – Canada, Ltd. (EWA-Canada) possesses 22 years of experience in the areas of cyber and telecommunications threat analysis and maintains an extensive independent product “security audit” and assurance evaluation practice with world-wide reach. Additionally, EWA-Canada has wide-ranging international experience and credibility in the security evaluation space by virtue of our nationally and internationally accredited security evaluation labs whose core business is to provide independent Trusted Third Party evaluation services. Our labs provide ISO/IEC-15408 Common Criteria evaluation and testing; Cryptographic & Security Testing (FIPS 140, Security Content Automation Protocol and FIPS 201 validation testing); and Payment Assurance (Interac® and Payment Card Industry (PCI) Point of Sale and Terminal Device) Certification testing to clients around the world.