Extranet for Security Professionals (ESP)

Presentation transcript:

Extranet for Security Professionals (ESP) Group One

Team Members
  Heather T. Kowalski, Project Lead
  Tong Xu
  Ying Hao
  Hui Huang
  Bill Halpin

Task
  Extranet for Security Professionals
  Company: SEI
  Contact: Martin Lindner
  Security Analysis, using SNA Method

Milestones
  September 28, 2000: Initial Overview Presentation
  October 31, 2000: Essential Services Review
  November 14, 2000: Attack Threat Analysis
  December 5, 2000: Final Recommendations

Client Meetings – To Date
  September 15
    Introductions
    High-level Review of Architecture
  September 20
    Business Mission
    Detailed Overview of Client Goals
    Detailed Review of Architecture

Client Expectations
  Review the System Design and Architecture
  Identify and Document Vulnerabilities
  Identify Alternative Approaches to ESP Mission

SNA – System Definition
  Mission
  Requirements
  Environment
  Risk Definition
  Architecture Definition
Speaker note: The SNA descriptions are taken from the Team Project Handout, so they don't match 100% with the description in the master report.

ESP – Mission
  Central Repository of Security Information
  Central Location for Information Sharing
  Secure Environment, Manageable Resource

ESP – Requirements
  Security over Reliability
  Exchange of Information
  Responsible for Information Only While on ESP System
  User Driven and Maintained

ESP – Environment
  Dell PowerEdge Servers
  Windows NT 4.0 (SP3)
  SSL Only
  Minimal Options Activated
  Cold Fusion Middleware

ESP – System Elements
  COTS
    Easier to Find Support Staff
    Easier to Maintain Updates
  Good Programming Practices
    Prevention
    Integrity
    Code Revision Controls

ESP – Architecture (diagram labels)
  The Internet
  Router
  Firewall
  Web Servers
  Firewall
  Database Servers
  Workstation
  © 2000 by Carnegie Mellon University/SEI
Speaker note (To: George, Marty; From: Steve): There are additional Architecture slides in Marty's original presentation. I thought that this was the most generic. We can always import the additional slides if needed.

ESP – Risk Definition
  System Attacks
  Abrogation of User Responsibilities
  Equipment Failure
  On-going Process
Speaker note: Key difference from other systems – Security over Availability. ESP will be shut down at first thought of trouble.

Client Meetings - Expected
  Mid-October: Verify Traffic Flow
  Early November: Discuss Attack Potential
  Late November: Mitigation Recommendations

SNA - Step Two (Pending)
  Essential Services & Assets
  Trace Scenarios Through Architecture
  Identify Essential Components of Architecture

SNA – Step Three (Pending)
  Review Attacker Profiles
  Discuss Likely Levels of Attack
  Identify Possible Attack Scenarios
  Determine Weak Links in Architecture

SNA – Step Four (Pending)
  Identify Architecture Deficiencies
  Present Current Strategies for 3 R's
  Present Suggested Strategy Improvements
  Present Plan to Implement Improvements
Speaker note: 3 R's = resistance, recognition & recovery.

Questions?