10ICCC Organising Committee

The Norwegian National Security Authority (NSM) and The Norwegian IT Security Certification Authority (SERTIT) are responsible for hosting the 10th International Common Criteria Conference in Tromsø.

NSM is a cross-sectoral professional and supervisory authority within the protective security services in Norway. SERTIT is the public IT Security Certification Authority in Norway.

Project Managers:
Group Manager Lars Borgos, SERTIT
General Manager Torill Berg, Tromsø Event AS

Project Team:
Scheme Director Kjell W. Bergan, SERTIT
Chief Engineer Kjartan Kvassnes, SERTIT
Chief Engineer Arne H. Rage, SERTIT
Senior Engineer Ulrich Isachsen, Norwegian National Security Authority
Marianne Jørgensen, Tromsø Event AS
Economy and procurement & Information and Public Relations, Norwegian National Security Authority

Programme Committee/Track Chairs:
Certifier Azad Nassor, Centre de certification - SGDN/DCSSI, France
Dr. Susanne Pingel, Bundessamt für Sicherheit in der Informationstechnik - BSI, Germany
Ing. Massimiliano Orazi, Fondazione Ugo Bordoni – OCSI, Italy
Pablo Franco, National Cryptologic Centre, CCN, Spain
Dr. Marino Tapiador, National Cryptologic Centre, CCN, Spain
Merve Hatice Karatas, Turkish Common Criteria Scheme, Turkey
Scheme Director David Martin, Communications Electronics Security Group - CESG, UK
Nigel Whittaker-Axon, Communications Electronics Security Group - CESG, UK
Kjell W. Bergan, Arne H. Rage, Ulrich Isachsen , Lars Borgos, NSM/SERTIT

Biography

Arne Høye Rage

Chief Engineer. Education: Bachelor of engineering in the field of Electronics and Control Engineering at Buskerud University College, Kongsberg, 1996. Master of engineering in the field of Information Technology at Universtiy of Stavanger, 1999. Mr Rage has been employed at NSM / SERTIT since August 2000 as a certifier and has been involved in establishing the Norwegian certification scheme. He is also responsible for supervising evaluation projects and evaluation facilities.

Mr. Azad Nassor

Mr Azad NASSOR works at DCSSI (French National Security Agency) as Certifier in the Certification Body that he has joined on June 2008. Before that, for 17 years, he had worked for several private, or partly public, companies in the field of IT Security as:

in charge of PKI Certification Authority (French Health Practitioners Group, Smart Card Manufacturer Company, others company);
Security Officer for a Financial Advisory and Asset Management Bank;
Security Software Developer for an IT company.

Mr Azad NASSOR is graduated of ENSI Caen (IT engineer school).

David Martin

Chair of CC Development Board, CESG, UK

David Martin has worked in a number of areas of IT security including development work (such as the earliest UK commercial use of public key cryptography), and software/hardware for security in banking, as well as a wide variety of consultancy projects. For many years he ran a security consultancy company and during this time was involved in a number of high assurance development projects for UK Government.

He was a member of the BSI (the UK standards agency) security coordination committee, holds a Masters Degree in Computer Systems Security, is a chartered engineer, and a member of the British Computer Society. He has also contributed to a number of books, articles and conferences in the field. He is currently the UK's Scheme Director for international Common Criteria development and is particularly keen to focus upon work that increases the efficiency, effectiveness and relevance of Common Criteria standards and methodology.

Kjell W. Bergan

Norwegian National Security Authority (NSM) / SERTIT Kjell W Bergan, born 1944, graduated from the University of Oslo in 1971 with a masters degree in Cybernetics. Mr. Bergan has been working in the field of communications and IT Security within NSM since 1973. Mr. Bergan has also been active in many NATO working groups over the years, and is currently the chairman of the Technical Information Assurance Services ad hoc Working Group. In addition to being head of the Special Systems and Certification Section within NSM, Mr. Bergan is also the Director of the Norwegian Certification Authority for IT Security (SERTIT). Mr Bergan is married and has two children.

Lars Borgos, CISA

Group Manager The Norwegian IT Security Certification Authority – SERTIT, Norway After he graduated at the University of Oslo and the Norwegian School of Management, Lars Borgos worked at the Office of the Prime Minister for ten years responsible for security, operation and development of the Information Technology Systems and Services. He joined the Norwegian IT Security Certification Authority in 2000. There he works as a Quality Systems Manager and a Communication Manager. He was also the Project Manager for development of a quality system according to NS-EN 45011. He has handled several activities due to the establishment and the International Recognition of SERTIT. He is also representing Norway in the Common Criteria Executive Subcommittee.

Dr. Marino Tapiador

In the Spanish IT Security Evaluation and Certification Scheme, Dr.Marino Tapiador is responsible of the technical management of the Spanish CB that is the organization in charge of Common Criteria, ITSEC and other IT Security evaluations in Spain. Marino Tapiador contributes to the development of IT Security evaluation standards as Common Criteria, he is member of the CC Development Board, CC Maintenance Board and JIL working groups. The interest of Marino Tapiador is focused on research areas related to IT Security evaluation methodologies and electronic identification technologies e.g. smartcards, biometric devices, or PKI systems. Previously Marino has worked for IBM Spain as IT Architect, and as Associate Professor in the Autonomous University of Madrid where he obtained a Ph.D. on Computer Engineering.

Massimiliano Orazi

Massimiliano Orazi graduated in Telecommunications Engineering in 2003 with a thesis performed on security aspects and vulnerabilities in wireless and Wi-Fi networks. After graduating he performed research activities on intrusion detection systems, security in Wi-Fi networks, and reverse engineering techniques applied to security evaluation of ICT systems and products.

He participated as evaluator and as responsible for the production of evaluation documentation in various processes for assessing the security of ICT systems products in accordance with the ITSEC criteria and ITSEM methodology. Within the OCSI, he's a member of the advisory committee; he’s involved in analysis and interpretation of the standard and has the role as a certifier for evaluations of ICT systems and products according to the standard ISO / IEC IS 15408. He also attends, on behalf of Italy, to the CCRA working groups.

He helds various teaching at the School of Specialization in Telecommunications, at the University "Sapienza" of Rome", and within the master on information security provided by the university of Perugia. He also cooperated with the UNINFO working group "sicurezza nelle telecomunicazioni" for the official translation in Italian Language of the standard ISO 27001. In 2007 he achieved OPST certification (OSSTMM Professional Security Tester) released by ISECOM.

Merve H. KARATAŞ

Technical Officer of Turkish Common Criteria Certification Scheme, Turkey Merve H. KARATAŞ received Bsc and Msc. degrees in Electronics Engineering and worked as an assistant to a professor on the subject of Computer Hardware in the Middle East Technical University. Then she joined the Turkish Common Criteria Certification Scheme (TSE-CCCS) which runs under Turkish Standards Institutions (TSE). Now she is responsible for the technical management of TSE-CCCS. She also works as the representative of Turkey for the CC Management Committee, CC Executive Subcommittee and CC Development Board.

Nigel Whittaker-Axon

Nigel is a Certifier in the CESG Certification Body (CB) of the UK IT Security Evaluation and Certification Scheme. He represents the CB on the international CC Maintenance Board (CCMB), the European Joint Interpretations Working Group (JIWG) and the UK CC Support Group (CCUKSG). On behalf of the Scheme, he recently hosted its recent successful CCRA Voluntary Periodic Assessment (VPA) in June 2009. His previous experience ranges from systems analysis and design through to Assurance Manager, Evaluator and Training Manager for an evaluation lab in the Scheme. He ran his own company for a number of years, providing consultancy to the CB, before eventually joining them as a Certifier. Nigel holds a BA in Philosophy and Biblical Studies from the University of Wales, and a Postgraduate Diploma in Management and Administration from the University of Bradford, where he specialised in Management Science. He is a Chartered Quality Professional (CQP), a Member of the Chartered Quality Institute (MCQI) and an Associate of the Institute of Information Security Professionals (A.Inst.ISP).

Pablo Franco

Pablo Franco was a Telecommunications and Electronic Warfare Officer in the Spanish Air Force until 2001. After he finished the Cryptology and INFOSEC courses at the National Criptologic Centre (the Spanish National Communications Security Agency) he started to work there as INFOSEC Officer at the beginning of 2002. From 2004, with the establishment of Spanish Certification Body within the National Criptologic Centre, Franco began to work in the Spanish CB as Quality Manager and certifier until now.

Dr. Susanne Pingel

German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI), Germany After her studies of Mathematics at the University of Dortmund and her PhD at the FernUniversität of Hagen Susanne Pingel worked for over ten years as expert for IT security and CC related tasks for several companies. She joined the Common Criteria Certification Body at the BSI in 2007. There she works on the certification of hardware and software products of different types and on the certification of systems conforming to ISO 27001 in compliance with IT-Grundschutz. She is also representing the BSI in the Common Criteria Maintenance Board supporting the further development of the CC.