Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stevens Institute of Technology Security Systems Engineering

Published byJames Fletcher Modified over 10 years ago

Similar presentations

Presentation on theme: "Stevens Institute of Technology Security Systems Engineering"— Presentation transcript:

1 Stevens Institute of Technology Security Systems Engineering
Jennifer Bayuk Cybersecurity Program Director School of Systems and Enterprises 3/27/2017

2 Stevens Institute Security Research
National Center for Secure and Resilient Maritime Commerce Naval Security Infrastructure Technology Laboratory Center for the Advancement of Secure Systems and Information Assurance National Cybersecurity Center of Excellence in Information Assurance Education National Cybersecurity Center of Excellence in Information Assurance Research Leader of the DoD University Affiliated Research Center for Systems Engineering Systems Security Core Research Topic Why new focus on Systems Engineering Security?

3 Isolate and Harden Servers
Key Management Identity Mgmt EXTERNAL THREATS Secure Storage User Terminal Personal Computers V Physical Perimeter :::::: Firewall Certificate Authority AntiVirus Mgmt Procedure Multiplexor LAN User Workstation Wireless VPN Modem Modem Mainframe Remote Access Server VPN Isolate and Harden Servers :::::: Firewall Token Admin Policy Servers SIM :::::: Firewall Time Sharing or Bulletin Board Service Online Services and Outsourcing Arrangements Proxy Server Content Filters External Servers Server Server Farm IPS All rights reserved. IDS Web Servers Router Internet WAFW Router The Problem Current attacker path to data

4 SERC Security Engineering
Research Roadmap Define systems security Measure systems security Devise system security frameworks Improve the proficiency of the security engineering workforce

5 1. Define systems security
Security Roadmap 1. Define systems security Reassess periphery models Focus on whole systems Examine interfaces and interactions Understand similarities and differences across domains

6 2. Measure systems security
Security Roadmap 2. Measure systems security Achievable and comparable security attributes Outcome-based rather than vulnerability-based Identify systemic value of currently available control standards Identify and measure trade-offs with respect to security features

7 3. Devise systems security frameworks
Security Roadmap 3. Devise systems security frameworks Include policy, process and technology Provide basis for evaluation New classes of system-level solutions Security-receptive architectures

8 4. Improve the proficiency of the security engineering workforce
Security Roadmap 4. Improve the proficiency of the security engineering workforce Encourage and educate workforce Operational security requirements Community force multipliers Engage stakeholders

9 Example: Systemic Security
Systemigram software from: Boardman and Sauser, Systems Thinking: Coping with 21st century problems, Taylor & Francis, 2008.

10 Example System ::::::

11 Metaphorical Construct

12 2 4 3 1 5 Discovery ISO 27005:2008 Security Risk Assessment
Task Order: 1. Identification of assets 2. Identification of threats 3. Identification of existing controls 4. Identification of vulnerabilities 5. Identification of consequences 5

13 Questions? Discussion? Follow-up: jennifer.bayuk@stevens.edu

Download ppt "Stevens Institute of Technology Security Systems Engineering"

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Prepared: October, 2005 1 Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.

Prepared: October, Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.
Network Security Overview Tales from the trenches.

Network Security Overview Tales from the trenches.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.

SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Similar presentations

Ads by Google