Presentation is loading. Please wait.

Presentation is loading. Please wait.

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.

Published byBrandon Gallegos Modified over 10 years ago

Similar presentations

Presentation on theme: "Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski."— Presentation transcript:

1 Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski

2 2 Todays Experiment The purpose of the model is not to fit the data, but to sharpen the questions.

3 3 Outline What is Systems Security Engineering (SSE) What is Systems Security Engineering (SSE) The Dilemma The Dilemma Relationship with Systems Engineering Relationship with Systems Engineering Future Planning Future Planning

4 The Defenders Dilemma… Threats Resources Assets ? Guns, Guards, Gates & Technologies Emergent Technologies Emergent Design Basis Threats Including Technologies …a complex, dynamic resource allocation problem

5 5 What is Security Security is defined as freedom from danger or risk Security is defined as freedom from danger or risk –Focus is on Malevolent dangers –Benefits for natural and accidental dangers is considered, but not primary focus

6 6 What is SSE An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats. 1 1 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.

7 7 Systems Security Engineering Management An element of program management that ensures system security tasks are completed. These tasks include developing security requirements and objectives; planning, organizing, identifying, and controlling the efforts that help achieve maximum security and survivability of the system during its life cycle; and interfacing with other program elements to make sure security functions are effectively integrated into the total system engineering effort. 2 2 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.

8 8 Purpose of SSE? Provide systems engineered solution for asset protection investments Provide systems engineered solution for asset protection investments Protect Assets Protect Assets –Prevent Undesirable Events –Prevent Undesirable Consequences –Mitigate Undesirable Consequences –Disaster Recovery Facilitate Operations Facilitate Operations Meet Regulatory Requirements Meet Regulatory Requirements

9 9 SSE Applications Apply SE to Security problem Apply SE to Security problem Apply SE to integrate protection measures into non-security projects Apply SE to integrate protection measures into non-security projects

10 10 SSE Responsibilities Threat Assessment Threat Assessment Consequence Assessment Consequence Assessment Vulnerability Assessment Vulnerability Assessment Systems Analysis and Design Systems Analysis and Design Bridge Between SE and Security Disciplines Bridge Between SE and Security Disciplines

11 11 Threat assessment Two Types of Threat Assessment Two Types of Threat Assessment Threat Characterization Threat Characterization Threat Quantification Threat Quantification

12 12 Two Types of Threat Assessment Evaluation of a spanning set of threats relevant to an organization or asset Evaluation of a spanning set of threats relevant to an organization or asset Evaluation of one or more specific threats Evaluation of one or more specific threats

13 13 Threat Characterization Real Threat Real Threat Perceived Threat Perceived Threat Management Threat Management Threat –Acceptable Risk –Acceptable cost –Acceptable operational impact –Examples Design Basis Threat Design Basis Threat Postulated Threat Postulated Threat

14 14 Characterization Continued Capability Capability –Skills –Equipment –Knowledge –Organizational skills

15 15 Characterization Continued Motivation Motivation –Desired End State Tactically - mission objective Tactically - mission objective Strategic - purpose of mission Strategic - purpose of mission –Level of commitment Willing to die? Willing to die? Willing to kill? Willing to kill? –World view that supports committing the undesirable event –Triggering events

16 16 Threat Quantification Likelihood Likelihood Frequency Frequency

17 17 Vulnerability Assessment Characterize system vulnerabilities Characterize system vulnerabilities –Components –System –Skills needed –Equipment needed –Knowledge needed Map vulnerabilities to management threat Map vulnerabilities to management threat

18 18 Consequence Assessment Asset definition Asset definition Definition of the undesirable events Definition of the undesirable events Consequence definition Consequence definition Consequence rating/ranking Consequence rating/ranking

19 19 System Analysis & Design Traditional Methods Blast Effects Blast Effects Performance Testing Performance Testing –Systems –Subsystem –Component Red Teams Red Teams Balance Balance Defense in Depth Defense in Depth Fault Trees Fault Trees New Methods Complexity Theory Complexity Theory Agile Security Agile Security Network Theory Network Theory Risk Management Risk Management Soft Systems Methodology Soft Systems Methodology

20 20 The Bridge Enterprise Including Systems Engineering Security Engineering SSE

21 21 Security disciplines PhysSec PhysSec COMPUSEC/ Information Systems Security COMPUSEC/ Information Systems Security COMSEC COMSEC INFoSEc INFoSEc OPSEC OPSEC Prodsec Prodsec KeySEC KeySEC TSCM TSCM Counter-intelligence Counter-intelligence Psyops Psyops Insider Protection Insider Protection Anti-terrorism Anti-terrorism Counter-terrorism Counter-terrorism Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery

22 22 PhysSec Intrusion Detection Intrusion Detection Contraband Detection Contraband Detection AC&D AC&D Access Delay Access Delay Access Control Access Control Response Response Investigations Investigations

23 23 COMPUSEC/ Information Systems security Cryptography Cryptography Access Control Access Control Application Security Application Security Information Security and Risk Management Information Security and Risk Management Legal, Regulations, Compliance and Investigations Legal, Regulations, Compliance and Investigations Security Architecture and Design Security Architecture and Design Telecommunications and Network Security Telecommunications and Network Security System Administration System Administration Audit and Monitoring Audit and Monitoring Data Communications Data Communications Malicious Code / Malware Malicious Code / Malware

24 24 Path Forward The Goal: SSE Working Group The Goal: SSE Working Group Possible Starting Points Possible Starting Points –Mil-Hdb-1785 –This Presentation Next Steps Next Steps –Identify Volunteers –January 2007, INCOSE IW The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved' but the pig was 'committed'.

25 25 Questions - Discussion

Download ppt "Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski."

Similar presentations

Conducting your own Data Life Cycle Audit

Conducting your own Data Life Cycle Audit
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
TACTICAL/OPERATIONAL PLANNING

TACTICAL/OPERATIONAL PLANNING
CHAPTER 1 Basic Concepts of Strategic Management

CHAPTER 1 Basic Concepts of Strategic Management
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
1 System Engineers Toolbox 1 Compliance Automation, Inc. INCOSE: NM Enchantment Chapter By Cheryl Hill August 12, 2009.

1 System Engineers Toolbox 1 Compliance Automation, Inc. INCOSE: NM Enchantment Chapter By Cheryl Hill August 12, 2009.
1 Systems Security Engineering Working Group Activities at IW08 INCOSE Enchantment Meeting February 13, 2008 John W. Wirsbinski.

1 Systems Security Engineering Working Group Activities at IW08 INCOSE Enchantment Meeting February 13, 2008 John W. Wirsbinski.
Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry.

Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry.
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Module N° 7 – Introduction to SMS

Module N° 7 – Introduction to SMS
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
1 DOE Safety Committee Handbook. 2 Effective Safety Committee! Make it work for you!

1 DOE Safety Committee Handbook. 2 Effective Safety Committee! Make it work for you!
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts

Similar presentations

Ads by Google