Stevens Institute of Technology Security Systems Engineering


Stevens Institute of Technology
Security Systems Engineering
Jennifer Bayuk
Cybersecurity Program Director
School of Systems and Enterprises
jennifer.bayuk@stevens.edu
3/27/2017

Stevens Institute Security Research
- National Center for Secure and Resilient Maritime Commerce
- Naval Security Infrastructure Technology Laboratory
- Center for the Advancement of Secure Systems and Information Assurance
- National Cybersecurity Center of Excellence in Information Assurance Education
- National Cybersecurity Center of Excellence in Information Assurance Research
- Leader of the DoD University Affiliated Research Center for Systems Engineering
- Systems Security Core Research Topic
Why new focus on Systems Engineering Security?

The Problem
Current attacker path to data
[Figure: network diagram; labels include External Threats, Internet, Router, Firewall, WAFW, IDS, IPS, Proxy Server, Content Filters, VPN, Remote Access Server, Wireless, Modem, Multiplexor, LAN, Mainframe, Web Servers, Email Server, External Servers, Server Farm, Policy Servers, SIM, Certificate Authority, Key Management, Identity Mgmt, Token Admin, AntiVirus Mgmt, Secure Storage, Isolate and Harden Servers, Physical Perimeter, Procedure, User Terminal, User Workstation, Personal Computers, Time Sharing or Bulletin Board Service, and Online Services and Outsourcing Arrangements.]

SERC Security Engineering Research Roadmap
1. Define systems security
2. Measure systems security
3. Devise system security frameworks
4. Improve the proficiency of the security engineering workforce

Security Roadmap
1. Define systems security
- Reassess periphery models
- Focus on whole systems
- Examine interfaces and interactions
- Understand similarities and differences across domains

Security Roadmap
2. Measure systems security
- Achievable and comparable security attributes
- Outcome-based rather than vulnerability-based
- Identify systemic value of currently available control standards
- Identify and measure trade-offs with respect to security features

Security Roadmap
3. Devise systems security frameworks
- Include policy, process and technology
- Provide basis for evaluation
- New classes of system-level solutions
- Security-receptive architectures

Security Roadmap
4. Improve the proficiency of the security engineering workforce
- Encourage and educate workforce
- Operational security requirements
- Community force multipliers
- Engage stakeholders

Example: Systemic Security
Systemigram software from: Boardman and Sauser, Systems Thinking: Coping with 21st century problems, Taylor & Francis, 2008.

Example System

Metaphorical Construct

Discovery
[Figure: diagram annotated with the task numbers 2, 4, 3, 1, 5]
ISO 27005:2008 Security Risk Assessment Task Order:
1. Identification of assets
2. Identification of threats
3. Identification of existing controls
4. Identification of vulnerabilities
5. Identification of consequences

Questions? Discussion? Follow-up: jennifer.bayuk@stevens.edu