Presentation on theme: "Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski."— Presentation transcript:
Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski
2 Todays Experiment The purpose of the model is not to fit the data, but to sharpen the questions.
3 Outline What is Systems Security Engineering (SSE) What is Systems Security Engineering (SSE) The Dilemma The Dilemma Relationship with Systems Engineering Relationship with Systems Engineering Future Planning Future Planning
The Defenders Dilemma… Threats Resources Assets ? Guns, Guards, Gates & Technologies Emergent Technologies Emergent Design Basis Threats Including Technologies …a complex, dynamic resource allocation problem
5 What is Security Security is defined as freedom from danger or risk Security is defined as freedom from danger or risk –Focus is on Malevolent dangers –Benefits for natural and accidental dangers is considered, but not primary focus
6 What is SSE An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats. 1 1 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
7 Systems Security Engineering Management An element of program management that ensures system security tasks are completed. These tasks include developing security requirements and objectives; planning, organizing, identifying, and controlling the efforts that help achieve maximum security and survivability of the system during its life cycle; and interfacing with other program elements to make sure security functions are effectively integrated into the total system engineering effort. 2 2 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
8 Purpose of SSE? Provide systems engineered solution for asset protection investments Provide systems engineered solution for asset protection investments Protect Assets Protect Assets –Prevent Undesirable Events –Prevent Undesirable Consequences –Mitigate Undesirable Consequences –Disaster Recovery Facilitate Operations Facilitate Operations Meet Regulatory Requirements Meet Regulatory Requirements
9 SSE Applications Apply SE to Security problem Apply SE to Security problem Apply SE to integrate protection measures into non-security projects Apply SE to integrate protection measures into non-security projects
10 SSE Responsibilities Threat Assessment Threat Assessment Consequence Assessment Consequence Assessment Vulnerability Assessment Vulnerability Assessment Systems Analysis and Design Systems Analysis and Design Bridge Between SE and Security Disciplines Bridge Between SE and Security Disciplines
11 Threat assessment Two Types of Threat Assessment Two Types of Threat Assessment Threat Characterization Threat Characterization Threat Quantification Threat Quantification
12 Two Types of Threat Assessment Evaluation of a spanning set of threats relevant to an organization or asset Evaluation of a spanning set of threats relevant to an organization or asset Evaluation of one or more specific threats Evaluation of one or more specific threats
15 Characterization Continued Motivation Motivation –Desired End State Tactically - mission objective Tactically - mission objective Strategic - purpose of mission Strategic - purpose of mission –Level of commitment Willing to die? Willing to die? Willing to kill? Willing to kill? –World view that supports committing the undesirable event –Triggering events
16 Threat Quantification Likelihood Likelihood Frequency Frequency
17 Vulnerability Assessment Characterize system vulnerabilities Characterize system vulnerabilities –Components –System –Skills needed –Equipment needed –Knowledge needed Map vulnerabilities to management threat Map vulnerabilities to management threat
18 Consequence Assessment Asset definition Asset definition Definition of the undesirable events Definition of the undesirable events Consequence definition Consequence definition Consequence rating/ranking Consequence rating/ranking
19 System Analysis & Design Traditional Methods Blast Effects Blast Effects Performance Testing Performance Testing –Systems –Subsystem –Component Red Teams Red Teams Balance Balance Defense in Depth Defense in Depth Fault Trees Fault Trees New Methods Complexity Theory Complexity Theory Agile Security Agile Security Network Theory Network Theory Risk Management Risk Management Soft Systems Methodology Soft Systems Methodology
20 The Bridge Enterprise Including Systems Engineering Security Engineering SSE
21 Security disciplines PhysSec PhysSec COMPUSEC/ Information Systems Security COMPUSEC/ Information Systems Security COMSEC COMSEC INFoSEc INFoSEc OPSEC OPSEC Prodsec Prodsec KeySEC KeySEC TSCM TSCM Counter-intelligence Counter-intelligence Psyops Psyops Insider Protection Insider Protection Anti-terrorism Anti-terrorism Counter-terrorism Counter-terrorism Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery
23 COMPUSEC/ Information Systems security Cryptography Cryptography Access Control Access Control Application Security Application Security Information Security and Risk Management Information Security and Risk Management Legal, Regulations, Compliance and Investigations Legal, Regulations, Compliance and Investigations Security Architecture and Design Security Architecture and Design Telecommunications and Network Security Telecommunications and Network Security System Administration System Administration Audit and Monitoring Audit and Monitoring Data Communications Data Communications Malicious Code / Malware Malicious Code / Malware
24 Path Forward The Goal: SSE Working Group The Goal: SSE Working Group Possible Starting Points Possible Starting Points –Mil-Hdb-1785 –This Presentation Next Steps Next Steps –Identify Volunteers –January 2007, INCOSE IW The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' but the pig was 'committed'.