The module provides an in-depth overview of the Common Criteria, the international standard for assessing the security of IT systems, with a particular focus on the theoretical and practical aspects of the framework. The fundamental concepts are introduced, with an analysis of key terms such as Target of Evaluation (TOE), Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs). The structure of the framework is then explained, along with how it is applied in different assessment contexts. Particular attention is paid to the Protection Profile (PP), which is the document that defines the generic security requirements for a category of products, highlighting its importance and the process involved in creating it. The module then examines in detail the definition and role of the Target of Evaluation, i.e. the specific set of security functions and technologies being assessed. Using practical examples, participants learn to identify the key features of the TOE and how to document them effectively.
A significant part of the programme focuses on the assessment process, outlining its main stages: from initial planning, through technical verification, to official certification. The roles and responsibilities of all parties involved, including developers, assessors and certification bodies, are analysed.
Finally, the course provides practical tools for applying the Common Criteria in real-world contexts, equipping participants to develop, evaluate and certify products in accordance with the standard’s requirements, with the ultimate aim of ensuring that the process is safe, reliable and compliant with regulations.
The module is divided into two parts, each comprising 20 hours of distance learning, making a total of 40 hours, plus 16 hours of in-person laboratory work.
