Understanding Product Security Certification

Under the Smart Nation initiative in 2014, it is anticipated that there shall be growing inter-connectvitiy betweeen smart devices and sensors. Increased interconnectivity leads to increased dependencies between smart devices and sensors. Hence, it is crucial that each node in the network of devices implements safeguards to thwart potential cybersecurity attacks. In 2019, Singapore attanined the status of Common Criteria Certificate Authorising Nation. Common Criteria is the de facto standard for cybersecurity product certification around the world. Today, 31 nations, including Singapore are of the Common Criteria Recognition Arrangement (CCRA) for mutual recognition of certification. This course seeks to provide participants with a basic understanding of the following:
(a) Common Criteria (CC) processes
(b) Security problems and security objectives reconciliation
(c) Security architecture
(d) Test coverage and suitability
(e) Security risk in product life-cycle
(f) Vulnerability analysis

Course Details

Course Dates:
Currently unavailable.


Duration
2 days, 9.00AM to 5.00PM

 

Who Should Attend


Personnel interested to understand Common Critieria (CC) certification requirements and Information Technology (IT) product security.

Minimum Entry Requirements:
Personnel who are actively involved in Information Technology (IT)/ Operational technology (OT) product development.

Programme Outline

Learning Objectives

By the end of this course, participants should be able to:
(a) Understand Common Criteria (CC) evaluation processes
(b) Address security issues and align them with security objectives.
(c) Comprehend security architecture.
(d) Assess test coverage and suitability.
(e) Identify security risks throughout the product lifecycle.
(f) Conduct vulnerability analysis.

Day 1

Introduction to Accrediation, Test, Inspect, Certification and Cybersecured Devices

  • Common Criteria (Lecture)

  • Anatomy of Security Target (Lecture)

  • Introduction to Security Target assurance activity, ASE 

  • Real-time online quiz for ASE

  • ASE: Reconciling Security Problems and Security Objectives in Security Target (Group discussion)

  • Introduction to Development assurance activity, ADV (Lecture)

  • Real-time online quiz for ADV

  • ADV: Determining security domains and discuss about security architecture(Group discussion)

  • Wrap-up and Q &A

Day 2

Design Thinking for Cybersecured Devices, and Recap of Day 1

  • Introduction to Tests assurance activity, ATE (Lecture)
  • Real-time online quiz for ATE
  • ATE: Determining coverage and suitability of test cases(Group discussion)
  • Introduction to Life-cycle Support assurance activity, ALC (Lecture)
  • Real-time online quiz for ALC
  • ALC: Identifying security risks in product life-cycle (Group discussion)
  • Introduction to Vulnerability Analysis, AVA (Lecture)
  • Real-time online quiz for AVA
  • AVA: Propose attack scenarios and calculating attack potentials (Group discussion)
  • Wrap-up and Q &A
Assessment

Online Quiz, group discussions and presentations.

Course Fees and Funding

Full course fee inclusive of prevailing GST

You pay
S$2,180

SkillsFuture Course Fee subsidy (70%)

  • For Singapore Citizens < 40 years old 
  • For Permanent Residents

You pay
S$654

Mid-Career Enhanced Subsidy (90%)

  • For Singapore Citizens ≥ 40 years old

You pay
S$254

Enhanced Training Support for SMEs (90%)

  • For SME - Sponsored employees

You pay
S$254

The above module fee payable is inclusive of 9% GST. 

Instructor

Teo Tee Hui
Senior Fellow, SUTD Academy

Teo Tee Hui graduated with Master of Engineering and Ph.D. from National University of Singapore and Nanyang Technological University in 2000 and 2009 respectively in Electrical & Electronic Engineering. Since 1996, he was with Sharp, ST-Microelectronics, Intelligent Micro-Devices (Matsushita), and etc. as a principal Integrated Circuits (IC) designer. He is currently with SUTD. Tee Hui is a Senior Member of IEEE, Charted Engineer (Sg) and Fellow of IES.

 

Daryl Koh
Adjunct Senior Fellow, SUTD Academy

Daryl Koh is the General Manager of SETSCO-AN Security. He is the founder of An-Security, the first local formal cybersecurity testing lab in Singapore, after gaining experience from working in multiple internationally recognized security labs over the world. Daryl is a pioneer in the formal assurance cybersecurity testing field and was instrumental in helping the Cybersecurity Agency of Singapore established the internationally recognized Common Criteria cybersecurity testing scheme. Daryl holds a Bachelor of Engineering from the Nanyang Technological University.

 

Wang Junhao
Adjunct Fellow, SUTD Academy

Wang Junhao brings a wealth of engineering expertise to the classroom, with a background in designing, implementing and evaluating various aspects of embedded systems including low-level device drivers, digital system design, embedded operating systems, and printed circuit board (PCB) design, associated with security products. His journey in the product security evaluation sector began in 2014, with a key role in launching Asia’s inaugural EMV laboratory right here in Singapore. Since joining An Security in 2017, Junhao has become a skilled practitioner in the Common Criteria (CC) method. He furthered his education with a Master of Science in Security by Design from the Singapore University of Technology and Design, graduating in August 2023. He was awarded the SG Digital Scholarship in 2022, focusing on Future Communications Research & Development. Junhao is also a certified security evaluator for both Singapore’s and Germany’s Common Criteria schemes, demonstrating his dedication to his field.  

Policies and Financing Options

SSG Funding Terms and Conditions

Use of Personal Details

In consideration of the subsidy provided by SkillsFuture Singapore Agency (“SSG”) through the SUTD Academy for the Course,
 

I consent to:

The collection, use and disclosure to relevant third parties of my personal data by the SUTD Academy including but not limited to personal particulars, attendance records, assessment/performance records, for the following purposes:

  1. Reporting of national statistics and conducting of holistic continuing education training research and analysis;

  2. Facilitate the conduct of the relevant surveys and audits in relation to the Course;

  3. General administration of the Course including but not limited to processing of the subsidy provided by SSG;

  4. Publicity and marketing of the Course or other Courses to be provided by SSG or SUTD Academy; and

  5. SSG or its Appointed Auditors or Nominated Representatives to directly contact Course Participant to obtain information deemed necessary for the purposes of conducting effectiveness survey or audits in relation to the Course.
     

I agree to:

  1. Attend and complete all lectures, class exercises, workshops and assessments;

  2. Complete the Course feedback at the end of the Course;

  3. Complete the post Course survey sent about 3 to 6 months after class attendance; and

  4. Sign up for a personal email account.

SUTD Privacy Statement

For more information on SUTD's privacy statement, please visit https://sutd.edu.sg/Privacy-Statement.

SUTD Terms and Conditions

Methods of Payment

Learn more about the available payment modes.

Cancellation & Refund Policy

  1. If a written notification is sent to sutd_academy@sutd.edu.sg within 24 hours after course registration deadline there will be no cancellation charges. A full refund will be made. 

  2. No refund is provided if written notification is more than 24 hours after course registration deadline. SUTD Academy reserves the rights to collect the full fee amount from the participant.

Replacement Policy

Companies may replace participants who have signed up for the course by giving a 3-working day notice before the course commencement date to sutd_academy@sutd.edu.sg. Terms and conditions apply.

Registration Policy

  1. Course may be cancelled due to insufficient participants. SUTD Academy will not be responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from any course cancellation.

  2. Course enrolment is based on a first-come, first-served basis.

  3. SUTD Academy reserves the right to change or cancel any course or instructor due to unforeseen circumstances. 

Types of Funding

Funding under Mid-Career Enhanced Subsidy ("MCES")

  1. MCES is an enhanced Subsidy to encourage mid-career individuals to upskill and reskill, thereby helping them to remain competitive and resilient in the job market. With this, all Singaporeans aged 40 and above will receive higher subsidies of up to 90% course fee subsidy for SSG-funded certifiable courses.

  2. Individuals/employers are not required to submit an application for the MCES. Those pursuing SSG-funded programmes will be charged the appropriate subsidised fees by SUTD Academy if they are eligible MCES. Individuals/employers will only need to pay the nett fee (full course fee after SSG's grant).

    For more info, please visit SkillsFuture website at https://www.skillsfuture.gov.sg/enhancedsubsidy

Funding under Enhanced Training Support for SMEs ("ETSS")

  1. ETSS is an enhanced funding to enable SMEs to send their employees for training.

  2. SMEs will enjoy subsidies of up to 90% of the course fees when they sponsor their employees for SSG-funded certifiable courses.

  3. In addition to higher course fee funding, SMEs can also claim absentee payroll funding of 80% of basic hourly salary at a higher cap of $7.50 per hour. SMEs may apply for the absentee payroll via the SkillsConnect system.

  4. To qualify, SMEs must meet all of the following criteria:
    - Organisation must be registered or incorporated in Singapore
    - Employment size of not more than 200 or with annual sales turnover of not more than $100 million
    - Trainees must be hired in accordance with the Employment Act and fully sponsored by their employers for the course
    - Trainees must be Singapore Citizens or Singapore Permanent Residents

    For more info, please visit SSG website at https://www.ssg.gov.sg/programmes-and-initiatives/funding/enhanced-training-support-for-smes1.html


Funding under Union Training Assistance Programme ("UTAP")

UTAP is a training benefit for NTUC members to defray their cost of training. This benefit is to encourage more union members to go for skills upgrading.

NTUC members enjoy 50% unfunded course fee support for up to $250 each year when you sign up for courses supported under UTAP (Union Training Assistance Programme).

For more info, please visit https://e2i.com.sg/individuals/ntuc-education-and-training-fund/.
 


Funding under Post-Secondary Education Account ("PSEA")

The Post-Secondary Education Account (PSEA) is part of the Post-Secondary Education Scheme to help pay for the post-secondary education of Singaporeans.

This is part of the Government’s efforts to encourage every Singaporean to complete their post-secondary education. It also underscores the Government’s commitment to support families in investing in the future education of their children and to prepare them for the economy of the future. PSEA is not a bank account.

It is administered by the Ministry of Education (MOE) and is opened automatically for all eligible Singaporeans.

Account holders can use their PSEA funds to pay for their own or their siblings’ approved fees and charges for approved programs conducted by approved institutions.

However, you will have to check your eligibility and balance by contacting MOE first.

Contact MOE at (65) 6260 0777

E-mail to MOE at contact@moe.edu.sg

Click here for MOE website.