Systems Security Engineering
An Updated Paradigm
INCOSE Enchantment Chapter, November 8, 2006
John W. Wirsbinski
Today's Experiment
The purpose of the model is not to fit the data, but to sharpen the questions.
Outline
• What is Systems Security Engineering (SSE)
• The Dilemma
• Relationship with Systems Engineering
• Future Planning
The Defenders' Dilemma...
[Diagram: Threats, Resources and Assets; protection by Guns, Guards, Gates & Technologies; Emergent Technologies; Emergent Design Basis Threats, including technologies]
...a complex, dynamic resource allocation problem
What is Security
• Security is defined as freedom from danger or risk
– Focus is on malevolent dangers
– Benefits for natural and accidental dangers are considered, but are not the primary focus
What is SSE
An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats. [1]
[1] Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
Systems Security Engineering Management
An element of program management that ensures system security tasks are completed. These tasks include developing security requirements and objectives; planning, organizing, identifying, and controlling the efforts that help achieve maximum security and survivability of the system during its life cycle; and interfacing with other program elements to make sure security functions are effectively integrated into the total system engineering effort. [2]
[2] Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.
Purpose of SSE?
• Provide systems engineered solution for asset protection investments
• Protect Assets
– Prevent Undesirable Events
– Prevent Undesirable Consequences
– Mitigate Undesirable Consequences
– Disaster Recovery
• Facilitate Operations
• Meet Regulatory Requirements
SSE Applications
• Apply SE to Security problem
• Apply SE to integrate protection measures into non-security projects
SSE Responsibilities
• Threat Assessment
• Consequence Assessment
• Vulnerability Assessment
• Systems Analysis and Design
• Bridge Between SE and Security Disciplines
Threat assessment
• Two Types of Threat Assessment
• Threat Characterization
• Threat Quantification
Two Types of Threat Assessment
• Evaluation of a spanning set of threats relevant to an organization or asset
• Evaluation of one or more specific threats
Threat Characterization
• Real Threat
• Perceived Threat
• Management Threat
– Acceptable Risk
– Acceptable cost
– Acceptable operational impact
– Examples
• Design Basis Threat
• Postulated Threat
Characterization Continued
• Capability
– Skills
– Equipment
– Knowledge
– Organizational skills
Characterization Continued
• Motivation
– Desired End State
• Tactically - mission objective
• Strategic - purpose of mission
– Level of commitment
• Willing to die?
• Willing to kill?
– World view that supports committing the undesirable event
– Triggering events
Threat Quantification
• Likelihood
• Frequency
Vulnerability Assessment
• Characterize system vulnerabilities
– Components
– System
– Skills needed
– Equipment needed
– Knowledge needed
• Map vulnerabilities to management threat
Consequence Assessment
• Asset definition
• Definition of the undesirable events
• Consequence definition
• Consequence rating/ranking
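As an added worked example (not part of the presentation), the following Python ties the three assessments together the way the preceding slides describe them: a Design Basis Threat is characterized by its capability (skills, equipment, knowledge), each vulnerability by the skills, equipment and knowledge needed to exploit it, and only the vulnerabilities within the threat's capability are mapped to it and ranked by likelihood times consequence rating. The rating scales, the likelihood-times-consequence product and all sample data are assumptions made for illustration.

```python
# Added example (not from the presentation): mapping vulnerabilities to a
# management threat (a Design Basis Threat) and ranking them by consequence.
# Scales, the risk product and the sample data below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    """Threat characterization: capability (skills, equipment, knowledge)
    plus threat quantification (assumed likelihood of an attempt per year)."""
    name: str
    skills: frozenset
    equipment: frozenset
    knowledge: frozenset
    likelihood: float


@dataclass(frozen=True)
class Vulnerability:
    """Vulnerability characterization for one component: what exploiting it
    needs, the undesirable event it enables, and its consequence rating 1..5."""
    component: str
    undesirable_event: str
    skills_needed: frozenset
    equipment_needed: frozenset
    knowledge_needed: frozenset
    consequence: int


def within_capability(t: Threat, v: Vulnerability) -> bool:
    """Map a vulnerability to the threat only if the threat has every needed
    skill, piece of equipment and item of knowledge (subset tests)."""
    return (v.skills_needed <= t.skills and v.equipment_needed <= t.equipment
            and v.knowledge_needed <= t.knowledge)


def rank_vulnerabilities(t: Threat, vulns) -> list:
    """Return (vulnerability, risk) pairs for vulnerabilities within the
    threat's capability, highest risk first; risk = likelihood * consequence."""
    mapped = [(v, round(t.likelihood * v.consequence, 3)) for v in vulns if within_capability(t, v)]
    return sorted(mapped, key=lambda pair: pair[1], reverse=True)


# Constructed sample Design Basis Threat and component vulnerabilities.
DBT = Threat("constructed outsider DBT", frozenset({"lockpicking", "social engineering"}),
             frozenset({"hand tools", "laptop"}), frozenset({"public site layout"}), likelihood=0.2)
VULNS = [
    Vulnerability("perimeter gate", "unauthorized entry", frozenset({"lockpicking"}),
                  frozenset({"hand tools"}), frozenset({"public site layout"}), consequence=3),
    Vulnerability("vault door", "theft of asset", frozenset({"lockpicking"}),
                  frozenset({"hand tools", "thermal lance"}), frozenset({"vault drawings"}), consequence=5),
    Vulnerability("visitor desk", "badge issued to impostor", frozenset({"social engineering"}),
                  frozenset(), frozenset({"public site layout"}), consequence=4),
]
```

The vault door carries the highest consequence but needs equipment and knowledge the DBT lacks, so it drops out of this management-threat ranking; it remains a real-threat finding to record for a more capable postulated threat.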
System Analysis & Design
Traditional Methods
• Blast Effects
• Performance Testing
– Systems
– Subsystem
– Component
• Red Teams
• Balance
• Defense in Depth
• Fault Trees
New Methods
• Complexity Theory
• Agile Security
• Network Theory
• Risk Management
• Soft Systems Methodology
The Bridge
[Diagram: SSE as the bridge between the Enterprise (including Systems Engineering) and Security Engineering]
Security disciplines
• PhysSec
• COMPUSEC / Information Systems Security
• COMSEC
• INFOSEC
• OPSEC
• Prodsec
• KeySEC
• TSCM
• Counter-intelligence
• Psyops
• Insider Protection
• Anti-terrorism
• Counter-terrorism
• Business Continuity and Disaster Recovery
PhysSec
• Intrusion Detection
• Contraband Detection
• AC&D
• Access Delay
• Access Control
• Response
• Investigations
COMPUSEC / Information Systems Security
• Cryptography
• Access Control
• Application Security
• Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Security Architecture and Design
• Telecommunications and Network Security
• System Administration
• Audit and Monitoring
• Data Communications
• Malicious Code / Malware
Path Forward
• The Goal: SSE Working Group
• Possible Starting Points
– Mil-Hdb-1785
– This Presentation
• Next Steps
– Identify Volunteers
– January 2007, INCOSE IW
The difference between 'involvement' and 'commitment' is like an eggs-and-ham breakfast: the chicken was 'involved'
but the pig was 'committed'.
Questions - Discussion