Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION SYSTEMS SECURITY ENGINEERING: A CRITICAL COMPONENT OF THE SYSTEMS ENGINEERING LIFECYCLE Kevin Behr SE 516 – Technical Article Presentation.

Published byOscar Lison Modified over 9 years ago

Similar presentations

Presentation on theme: "INFORMATION SYSTEMS SECURITY ENGINEERING: A CRITICAL COMPONENT OF THE SYSTEMS ENGINEERING LIFECYCLE Kevin Behr SE 516 – Technical Article Presentation."— Presentation transcript:

1 INFORMATION SYSTEMS SECURITY ENGINEERING: A CRITICAL COMPONENT OF THE SYSTEMS ENGINEERING LIFECYCLE Kevin Behr SE 516 – Technical Article Presentation James F. Davis, "Information systems security engineering: a critical component of the systems engineering lifecycle," ACM SIGAda Ada Letters, December, 2004, 13-18.

2 Introduction  Presented before Congress (Sept. 2003):  “…there is a growing problem with the security of our cyberinfrastructure…” Federal Government  Commercial Off-the Shelf Software (COTS)  My Experience  Why? No focus on Information Assurance in the Systems Development Life Cycle (SDLC)

3 Information Assurance  What is Information Assurance (IA)?  The protection of information and information systems by ensuring: Confidentiality Integrity Authentication Availability Non-Repudiation  Where is IA handled in the SDLC today?

4 NSA sponsored framework (2002)

5 IA (cont’d)  Due to high upfront costs and lack of end user awareness, IA is implemented post hoc  Most users choose features, convenience, and performance over security  Rising demand for IA awareness requires a new approach

6 Information Systems Security Engineering (ISSE)  What is ISSE?  “the systematic approach to building IA techniques and tools within a software systems engineering process.”  NSA: “the art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they me be subjected.”  Objective of ISSE  Addressing IA from the beginning of the SDLC…  Approaching IA proactively to prevent need for security fixes

7 SDLC with ISSE

8 ISSE (cont’d) ISSE AdvantagesISSE Disadvantages Avert system vulnerabilities & failuresHigh upfront costs Save $ in the long-runLack of end user awareness

9 ISSE realization within…  Federal Government  “is making progress and is moving to a system-wide acceptance of ISSE”  International Information Systems Security Certification Consortium (ISC)  Information Systems Security Engineering Professional (ISSEP)  Industries  Demand for Security Engineers and ISSE principles is growing (in support of federal and commercial missions)  Increasing residential bandwidth and globalization  Academia  Response has been broadened by federal ventures  Design for Securability

10 Recommendations  In order to incorporate IA in today’s system’s, ISSE is needed  Build security engineers from the ground up  Academia  End User realization  Incorporation of ISSE principles  Certification Processes

11 Conclusion  There exists a fundamental need for ISSE  What is ISSE  Use of ISSE Today Federal, Corporate, Academic  Critical component of SDLC  Without ISSE, post hoc security  System vulnerabilities  Long run failures and costs  Growing Academic and Industrial awareness

12 Our Role (as SE students)?  Think about the security needs for our Graduate Thesis System – are there any?  How do we find out?  What can we do to ensure IA? Interface Restrictions Encryption Code Minimalization Etc.

Download ppt "INFORMATION SYSTEMS SECURITY ENGINEERING: A CRITICAL COMPONENT OF THE SYSTEMS ENGINEERING LIFECYCLE Kevin Behr SE 516 – Technical Article Presentation."

Similar presentations

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Dr. Bhavani Thuraisingham The University of Texas at Dallas August 6, 2007 Software Engineering Systems Engineering Security Engineering.

Dr. Bhavani Thuraisingham The University of Texas at Dallas August 6, 2007 Software Engineering Systems Engineering Security Engineering.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Chapter 6 SYSTEMS DEVELOPMENT Phases, Tools, and Techniques

Chapter 6 SYSTEMS DEVELOPMENT Phases, Tools, and Techniques
Security Controls – What Works

Security Controls – What Works
1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-

1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-
Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.

Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.
Soft. Eng. IDr Driss Kettani1 CSC-3324: Chapter I Introduction and definition Reading: I. Sommerville, Edition 7, Chap. 1.

Soft. Eng. IDr Driss Kettani1 CSC-3324: Chapter I Introduction and definition Reading: I. Sommerville, Edition 7, Chap. 1.
© Prentice Hall 2002 9.1 CHAPTER 9 Application Development by Information Systems Professionals.

© Prentice Hall CHAPTER 9 Application Development by Information Systems Professionals.
SYSTEMS DEVELOPMENT Phases, Tools, and Techniques

SYSTEMS DEVELOPMENT Phases, Tools, and Techniques
SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.

SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality 2014-06-10.

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)

Similar presentations

Ads by Google