Presentation is loading. Please wait.

Presentation is loading. Please wait.

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©

Published byDaniel Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©"— Presentation transcript:

1 CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon University 95-752:8-1 Models of Information Security Analysis

2 © 2002 by Carnegie Mellon University Model - 2 Outline Definitions Analysis framework Cautionary factors Sample analysis

3 © 2002 by Carnegie Mellon University Model - 3 Definitions Trend: 1.to extend in a general direction: follow a general course or veer in a new direction 2.to show a tendency for example, to incline or trend upwards or to become deflected or shift Trend analysis: search for patterns over time in order to identify the ways in which they change and develop, veer in new directions, or shift Incident - Any event that harms security at one or more sites

4 © 2002 by Carnegie Mellon University Model - 4 Analysis Framework Types of trends Sources of data Interpretation of results

5 © 2002 by Carnegie Mellon University Model - 5 Types of Trends Internal and External patterns Temporal trends Spatial trends Associational trends Compound trends

6 © 2002 by Carnegie Mellon University Model - 6 Sources of Data CERT/CC Data Year 2000 - 21,756 Incidents reported to CERT/CC Year 2001 (Q1) - 7, 457 Incidents reported to CERT/CC Profiled 1654 incidents, all active during July 2000 - Feb 2001 (plus some preliminary June data) Open Source Data: Web page defacement mirrors Lexus/Nexus Full disclosure sites Social data

7 © 2002 by Carnegie Mellon University Model - 7 Limits of Trending Inherently partial data Baseline in dynamic environment Correlation vs. Causation Implications Need to be cautious in kinds of conclusions Consider strategies for dealing with trends gone wrong

8 © 2002 by Carnegie Mellon University Model - 8 Internal Pattern: Staged Attack 1 2 3

9 © 2002 by Carnegie Mellon University Model - 9 External Pattern: Tool Development Intruder 1 Intruder 2 Analysts

10 © 2002 by Carnegie Mellon University Model - 10 Temporal Trend Defenders Intruders

11 © 2002 by Carnegie Mellon University Model - 11 Vulnerabilities in Incidents

12 © 2002 by Carnegie Mellon University Model - 12 Service Shifts

13 © 2002 by Carnegie Mellon University Model - 13 Analysis Process Incident Information Flow Identify Profiles and Categories Isolate Variables Identify Data Sources Establish Relevancy Identify Gaps

14 © 2002 by Carnegie Mellon University Model - 14 Conclusions Typifying trends simplifies interpretation Clarification of goals Identification of relative importance of characteristics Understanding cyber security is growing in importance

Download ppt "CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©"

Similar presentations

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.

Carnegie Mellon University Software Engineering Institute CERT® Knowledgebase Copyright © 1997 Carnegie Mellon University VU#14202 UNIX rlogin with stack.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Sponsored by the U.S. Department of Defense © 2004 by Carnegie Mellon University page 1 Pittsburgh, PA 15213-3890 Integrating Domain Specific Modeling.

Sponsored by the U.S. Department of Defense © 2004 by Carnegie Mellon University page 1 Pittsburgh, PA Integrating Domain Specific Modeling.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 2001 by Carnegie Mellon.

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 2001 by Carnegie Mellon.
Sponsored by the U.S. Department of Defense © 2007 by Carnegie Mellon University 1 Pittsburgh, PA 15213-3890 The Duties, Skills, and Knowledge of Software.

Sponsored by the U.S. Department of Defense © 2007 by Carnegie Mellon University 1 Pittsburgh, PA The Duties, Skills, and Knowledge of Software.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Copyright © 1997 Carnegie Mellon University Introduction to the Personal Software Process - Lecture 1 1 Introduction to the Personal Software Process Lecture.

Copyright © 1997 Carnegie Mellon University Introduction to the Personal Software Process - Lecture 1 1 Introduction to the Personal Software Process Lecture.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
Insurability of Cyber Risk: An Empirical Analysis

Insurability of Cyber Risk: An Empirical Analysis
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Recognizing Attacks1. 2 Recognition Stances Recognizing Attacks3 Leading Questions Is it a real break-in? Was any damage really done? Is protecting evidence.

Recognizing Attacks1. 2 Recognition Stances Recognizing Attacks3 Leading Questions Is it a real break-in? Was any damage really done? Is protecting evidence.

Similar presentations

Ads by Google