Javascript doesn't seem to be switched on - Some parts of this FMV web site don't function optimal without javascript, check your browser's settings.

This website use cookies. Cookies are used to ensure that the website function in the best way possible. If you continue without changing the settings in your computer you allow cookies to be used. Learn more about cookies and how they are used on this website.

Subscribe

This is where you are now:

Start / News and media / News Archive / Nyheter 2012 / IT Security in Products and Sy…

IT Security in Products and Systems

Skip to newslisting

Picture of Martin Bergling"The IT attacks against governments and companies show just how important it is that we, in our open democratic societies, have the best possible security in products and systems", says Martin Bergling, technical manager at CSEC.

"FMV is an important part of democracy", says Martin Bergling, working with IT security at CSEC which is an independent division of FMV.

"Here at FMV I get to work long term and help ensure democracy and a free and open society. This makes the work I do feel very meaningful and important", says Martin Bergling, technical manager at CSEC.

CSEC is Sweden's Certification Body for IT security. This means that they create and develop rules for how to examine IT security products and systems. CSEC does not conduct the actual testing, but different companies can apply for approval as testing companies. The companies that are approved are supported and supervised by CSEC. After an audit CSEC then issues a certificate which shows that a product meets the expected requirements.

"It is a process with many process flows that may seem complex", says Martin. "But it is a process deliberately designed to make the examination impartial and neutral".

Common security requirements

One of the assignments that CSEC has is to set exacting requirements for secure USB flash drives. This entails describing potential threats to information security in a USB memory device, such as unauthorized access to information or making changes incorrectly.

Each threat is handled by formulating objectives for safety and by describing the features needed to meet those objectives. The result is called a protection profile, or PP. The work is done in close collaboration with five other agencies with responsibility for information security. The next step is to develop common security policies for other products, such as computers and mobile phones.

Back at FMV

Fifteen years ago Martin Bergling began working at FMV. Back then he worked on the so-called security team. Before choosing to come back to FMV and CSEC, he spent some time working for Telia, the Swedish National Bank ( Riksbanken) and also IBM.

"There has been increased focus on information security. More people realize how important it is to be able to rely on security products. There is a larger market now for independent reviews and certifications, the very thing that CSEC is all about. Because of this, it feels good to be back at FMV and to be working in this area", concludes Martin.


Hint about this page

Fill in the form to send a link to this page.

Fields marked with * are compulsory.


* The field is compulsory

Published: 2012-04-19 11:26. Changed: 2013-07-10 11:34. Responsible: Show e-mail address.