260 likes | 450 Views
Systems Security Engineering An Updated Paradigm. INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski. Today’s Experiment. The purpose of the model is not to fit the data, but to sharpen the questions. . Outline. What is Systems Security Engineering (SSE) The Dilemma
E N D
Systems Security EngineeringAn Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski
Today’s Experiment The purpose of the model is not to fit the data, but to sharpen the questions.
Outline • What is Systems Security Engineering (SSE) • The Dilemma • Relationship with Systems Engineering • Future Planning
Emergent Technologies Resources Assets Threats Guns, Guards, & Technologies Gates The Defenders’ Dilemma… ? Emergent Design Basis Threats Including Technologies …a complex, dynamic resource allocation problem
What is Security • Security is defined as freedom from danger or risk • Focus is on Malevolent dangers • Benefits for natural and accidental dangers is considered, but not primary focus
What is SSE An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats.1 1 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
Systems Security Engineering Management An element of program management that ensures system security tasks are completed. These tasks include developing security requirements and objectives; planning, organizing, identifying, and controlling the efforts that help achieve maximum security and survivability of the system during its life cycle; and interfacing with other program elements to make sure security functions are effectively integrated into the total system engineering effort.2 2 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
Purpose of SSE? • Provide systems engineered solution for asset protection investments • Protect Assets • Prevent Undesirable Events • Prevent Undesirable Consequences • Mitigate Undesirable Consequences • Disaster Recovery • Facilitate Operations • Meet Regulatory Requirements
SSE Applications • Apply SE to Security problem • Apply SE to integrate protection measures into non-security projects
SSE Responsibilities • Threat Assessment • Consequence Assessment • Vulnerability Assessment • Systems Analysis and Design • Bridge Between SE and Security Disciplines
Threat assessment • Two Types of Threat Assessment • Threat Characterization • Threat Quantification
Two Types of Threat Assessment • Evaluation of a spanning set of threats relevant to an organization or asset • Evaluation of one or more specific threats
Threat Characterization • Real Threat • Perceived Threat • Management Threat • Acceptable Risk • Acceptable cost • Acceptable operational impact • Examples • Design Basis Threat • Postulated Threat
Characterization Continued • Capability • Skills • Equipment • Knowledge • Organizational skills
Characterization Continued • Motivation • Desired End State • Tactically - mission objective • Strategic - purpose of mission • Level of commitment • Willing to die? • Willing to kill? • World view that supports committing the undesirable event • Triggering events
Threat Quantification • Likelihood • Frequency
Vulnerability Assessment • Characterize system vulnerabilities • Components • System • Skills needed • Equipment needed • Knowledge needed • Map vulnerabilities to management threat
Consequence Assessment • Asset definition • Definition of the undesirable events • Consequence definition • Consequence rating/ranking
Traditional Methods Blast Effects Performance Testing Systems Subsystem Component Red Teams Balance Defense in Depth Fault Trees New Methods Complexity Theory Agile Security Network Theory Risk Management Soft Systems Methodology System Analysis & Design
The Bridge Security Engineering Enterprise Including Systems Engineering SSE
PhysSec COMPUSEC/ Information Systems Security COMSEC INFoSEc OPSEC Prodsec KeySEC TSCM Counter-intelligence Psyops Insider Protection Anti-terrorism Counter-terrorism Business Continuity and Disaster Recovery Security disciplines
PhysSec • Intrusion Detection • Contraband Detection • AC&D • Access Delay • Access Control • Response • Investigations
Cryptography Access Control Application Security Information Security and Risk Management Legal, Regulations, Compliance and Investigations Security Architecture and Design Telecommunications and Network Security System Administration Audit and Monitoring Data Communications Malicious Code / Malware COMPUSEC/ Information Systems security
Path Forward • The Goal: SSE Working Group • Possible Starting Points • Mil-Hdb-1785 • This Presentation • Next Steps • Identify Volunteers • January 2007, INCOSE IW The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' but the pig was 'committed'.