
Stevens Institute of Technology: Security Systems Engineering. Jennifer Bayuk, Cybersecurity Program Director, School of Systems and Enterprises. May 4, 2009; 2/7/2014.


1 Stevens Institute of Technology: Security Systems Engineering. Jennifer Bayuk, Cybersecurity Program Director, School of Systems and Enterprises

2 Stevens Institute Security Research: National Center for Secure and Resilient Maritime Commerce Naval Security Infrastructure Technology Laboratory Center for the Advancement of Secure Systems and Information Assurance National Cybersecurity Center of Excellence in Information Assurance Education National Cybersecurity Center of Excellence in Information Assurance Research Leader of the DoD University Affiliated Research Center for Systems Engineering Systems Security Core Research Topic. Why new focus on Systems Engineering Security?

3 The Problem [Diagram: enterprise network with accumulated layers of security controls (firewalls, VPN, proxy server, IDS/IPS, content filters, identity management, key management and others) between "EXTERNAL THREATS" and internal servers, with the "Current attacker path to data" marked]

4 SERC Security Engineering Research Roadmap
1. Define systems security
2. Measure systems security
3. Devise system security frameworks
4. Improve the proficiency of the security engineering workforce

5 Security Roadmap: 1. Define systems security
- Reassess periphery models
- Focus on whole systems
- Examine interfaces and interactions
- Understand similarities and differences across domains

6 Security Roadmap: 2. Measure systems security
- Achievable and comparable security attributes
- Outcome-based rather than vulnerability-based
- Identify systemic value of currently available control standards
- Identify and measure trade-offs with respect to security features

7 Security Roadmap: 3. Devise systems security frameworks
- Include policy, process and technology
- Provide basis for evaluation
- New classes of system-level solutions
- Security-receptive architectures

8 Security Roadmap: 4. Improve the proficiency of the security engineering workforce
- Encourage and educate workforce
- Operational security requirements
- Community force multipliers
- Engage stakeholders

9 Example: Systemic Security (Systemigram software from: Boardman and Sauser, Systems Thinking: Coping with 21st Century Problems, Taylor & Francis)

10 Example System

11 Metaphorical Construct

12 Discovery: ISO 27005:2008 Security Risk Assessment Task Order
1. Identification of assets
2. Identification of threats
3. Identification of existing controls
4. Identification of vulnerabilities
5. Identification of consequences

13 Questions? Discussion? Follow-up:

