4th CACR Information Security Workshop
Roland Mueller, TUViT, Inc.
IT Security Evaluation According to Harmonised and Approved Criteria
This talk will briefly present the history of IT security criteria and
their harmonisation and will point out what the major issues in an
evaluation process are. The two criteria ITSEC and Common Criteria (CC)
will be compared, and the talk will show what components have been evaluated
for the German Digital Signature Act until today.
Roland Mueller is Executive Vice President of TUViT, Inc., a
California-based firm, where he leads their IT Security Laboratory and
Network group located in Austin, TX. Mr. Mueller was most recently a
Technical Manager for Daimler-Benz. In this capacity, Mr. Mueller assumed
responsibility for the technical installation, assessment and management of
the Daimler-Benz privacy and security policy. Mr. Mueller participated in
establishing the privacy and security policy governing local IT managers,
which focused on the fulfillment of the technical and operational
requirements in starting and supervising technical projects for IT security.
Mr. Mueller was a member of a project group responsible for protecting the
board of directors and management from IT fraud and increasing awareness of
the risk of IT fraud at every level throughout the organization.
Prior to joining Daimler-Benz, Mr. Mueller worked as a manager for
technical security matters in the Department of Data Protection and IT
Security of Debis Systemhaus GmbH. Debis Systemhaus is Germany's largest
independent information technology (IT) service provider and a subsidiary of
Before his position at Debis Systemhaus, Mr. Mueller was responsible for
the research infrastructure and the implementation of the corporate research
WAN (wide area network) at Daimler-Benz Research Unit in Stuttgart. The
Unit included institutes located in Asia, Europe, Australia and North
America, with technology liaison offices in several major cities such as
Tokyo, Bangalore, Shanghai, Washington D.C., Palo Alto and Moscow.
After completing his master's degree at Friedrich-Alexander-University in
Computer Science, Mr. Mueller served as a scientist at the University of
Erlangen Nurnberg where he was responsible for WAN security projects.
During his employment with the university, Mr. Mueller implemented a packet
switching firewall for public networks which protected a group of networks
linked together as a unit from unauthorized access from public networks
(such as the Internet). Mr. Mueller also holds a bachelor's degree in
Computer Science from Friedrich-Alexander-University in Erlangen Nurnberg,
Roland Mueller has been doing international IT security standardisation for
more than eight years; he was editor of a key management standard and is
currently editing a standard on time stamping services. He is chairman of
the German standardisation body on IT security techniques and was director
of the IACR in 1997 when chairing Eurocrypt.