SERC Security. By Jennifer Bayuk



Similar documents
System Aware Cyber Security

INCOSE System Security Engineering Working Group Charter

System Aware Cyber Security Architecture

What methods are used to conduct testing?

Assessment Criteria The learner can: 1.1 Describe the purpose of a team

Company Background EMAGINED SECURITY All rights reserved.

MBA Degree Plan in Finance. (Thesis Track)

GENERAL SERVICES ADMINISTRATION FEDERAL SUPPLY SERVICE AUTHORIZED FEDERAL SUPPLY SCHEDULE PRICE LIST

STUDENT OUTCOMES ASSESSMENT PLAN (SOAP)

U.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview

EFFECTS+ Clustering of Trust and Security Research Projects, Identifying Results, Impact and Future Research Roadmap Topics

How To Design A Cyber Security Architecture

Enterprise Security Tactical Plan

The Role of ITIL in IT Governance

U.S. Defense Priorities OSD PA&E

Session 4. System Engineering Management. Session Speaker : Dr. Govind R. Kadambi. M S Ramaiah School of Advanced Studies 1

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Program Management: Opportunity or CLM?

An Introduction to Organizational Maturity Assessment: Measuring Organizational Capabilities

The Application Readiness Level Metric

Copyright 2014 by ABET. Proposed revisions to ABET Criterion 3 (Student outcomes [a-k]) and Criterion 5 (Curriculum)

CHALLENGER INSTITUTE OF TECHNOLOGY. Applied Engineering

NASA OFFICE OF INSPECTOR GENERAL

Project Management Professional (PMP)

Procurement Innovation for Cloud Services in Europe

Faculty of Organizational Sciences

Springer SUPPLY CHAIN CONFIGURATION CONCEPTS, SOLUTIONS, AND APPLICATIONS. Cham Chandra University of Michigan - Dearborn Dearborn, Michigan, USA

Correlation between competency profile and course learning objectives for Full-time MBA

HKITPC Competency Definition

P3M3 Portfolio Management Self-Assessment

1. What is PRINCE2? Projects In a Controlled Environment. Structured project management method. Generic based on proven principles

What is a life cycle model?

Lecture 8. Systems engineering L E C T U R E. SIMILAR process. Zuzana Bělinová. Faculty of Transportation Sciences, CTU in Prague

Space project management

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

CAPABILITY FOR DEFENCE IN TURKEY

Measurement Information Model

Methods for Assessing Student Learning Outcomes

Cybersecurity and Oversight of Information System Security (CDSE ED 514)

The United States Department of Defense Revitalization of System Security Engineering Through Program Protection

Digital Marketing Specialist

NSF Workshop: High Priority Research Areas on Integrated Sensor, Control and Platform Modeling for Smart Manufacturing

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

AC : ENGINEERING MANAGEMENT PROGRAM ACCREDI- TATION: COMPARING AACSB AND ABET

Following is a discussion of the Hub s role within the health insurance exchanges, the results of our review, and concluding observations.

AS9100 B to C Revision

Security Considerations for the Spiral Development Model

Supervisor of Banks: Proper Conduct of Banking Business [9] (4/13) Sound Credit Risk Assessment and Valuation for Loans Page 314-1

State of Minnesota IT Governance Framework

Software Architecture Professional Certificate

UNCLASSIFIED. R-1 Program Element (Number/Name) PE D8Z / Historically Black Colleges and Universities and Minority Institutions

INDECO Management Solutions

Best Practices for the Acquisition of COTS-Based Software Systems (CBSS): Experiences from the Space Systems Domain

Practical Experience Requirements Initial Professional Development for Professional Accountants

Assessing a Scientific Data Center as a Trustworthy Digital Repository

Space Ground Services in the Joint Information Environment (JIE)

TALENT SCORECARD. Evaluating And Measuring Talent Strategy Outcomes

Introduction to Systems Analysis and Design

EST.03. An Introduction to Parametric Estimating

Intellectual Property& Technology Law Journal

Six Sigma Leadership Guide for Program Success: S-SLEF Framework

System/Data Requirements Definition Analysis and Design

White Paper Operations Research Applications to Support Performance Improvement in Healthcare

Internal Quality Assurance Arrangements

Office of the Chief Information Officer

Program Rating Sheet - Athens State University Athens, Alabama

Setting the Expectation for Success: Performance Management & Appraisal System

Business Intelligence and Decision Support Systems

All of these circumstances indicate that the world of tomorrow is as different as today s water utility business is from that of yesteryear.

Set objectives and provide support for team members (B5) OCR Unit Number: 3

Set objectives and provide support for team members (B5)

IT Consulting Proposal Template

Project management. Objectives. Topics covered. Organizing, planning and scheduling software projects DISCUSSION

Security Engineering Project

Developing Business Architecture with TOGAF

PROJECT MANAGEMENT PLAN CHECKLIST

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

Software Project Models

Using Your PMO to Drive Successful Organizational Change Management

Transcription:

SERC Security By Jennifer Bayuk Annual SERC Research Review October 5 6, 2011 University of Maryland MarrioF Inn and ConvenHon Center HyaFsville, MD www.sercuarc.org Annual SERC Research Review, October 5 6, 2011 1

SERC Security Research Tasks RT8 System Security Roadmap Our foundahon RT28 System Aware Security Currently achve PI is Barry Horowitz, UVA RT32 System Security Metrics Proposed PI is Jennifer Bayuk If accepted will require mulhple security SME collaborators RT38 Cyber Security Decision Support Proposed PI is Barry Horowitz Builds on RT28 Annual SERC Research Review, October 5 6, 2011 2

RT 8: System Security Roadmap The SERC system security roadmap was motivated by the fact that current defensive strategies add tremendously to cost and do not respond effectively to the growing sophistication of attacks, as well as the recognition that today s systems engineers are inadequately prepared to address system security requirements. RT8 was a 8-month effort with representation from the majority of the SERC members, as well as a larger community of invited security subject matter experts. The final report emphasized that progress in system security research must follow a scientific process that includes clear problem statements, thorough problem background descriptions including a full literature review, clearly defined solution criteria, and proposed hypothesis formulated to shed light on a solution and how it may be proven or disproven. As security luminary and roadmap reviewer Peter G. Neumann said in his email response to the final draft, the roadmap was a very worthy step forward in security research. Annual SERC Research Review, October 5 6, 2011 3

RT 28: System Aware Security Successful security design patterns should yield metrics that relate increases in security to corresponding impacts on system performance. Such metrics provide much needed information required by the engineering trade-space. Building on RT8: Systems Security Engineering Roadmap, RT28 research in architecture frameworks will devise systems security engineering methods that integrate fault tolerant and automatic control system technologies with cyber security technologies, processes, and tools to develop System-Aware security services that will be transferable between systems with common functionality. Key Deliverables: Description of system-aware security as an architectural concept, to include a prototype of system-aware security services architecture to demonstrate integration of services to dynamically adapt performance based upon risk and system performance implications. Design patterns with embedded metrics regarding security/system performance tradeoffs. Annual SERC Research Review, October 5 6, 2011 4

RT 32: System Security Metrics The state of the art and current practice in security metrics use certification and testing strategies rather than correctness and effectiveness criteria. Security requirements can be verified using well known certification techniques in combination with continuous monitoring technologies, but can be validated only with respect to system mission and purpose. Building on RT8: Systems Security Engineering Roadmap, RT32 research in security metrics shall provide the theoretical foundation to support security requirement analysis and security models for use in both security requirements verification and validation. Key Deliverables: Security framework that combines both security and systems engineering techniques from other disciplines to combine measurable systems security attributes into a working definition of systems-level security that can be measured (to include output from RT28). Evaluation report via the framework for DoD-selected case studies. Annual SERC Research Review, October 5 6, 2011 5

The uncertainties and judgment calls surrounding cyber security call for a process through which DOD operators and procurement officers could interact with system designers in exploring the tradeoff space as a precursor to selecting and evaluating final design candidates. Building on RT28: Cyber Security Decision Support, RT-38, will build upon the security scoring system developed in RT-28. RT-38 research will focus on the design of a collaboration environment that addresses the influences of uncertainties in expert judgment and decision-maker preferences and how they influence complex decision making. This work will have a foundation in the mathematics of multi-objective decision theory under uncertainty, and will be tailored to enable practical use. Key Deliverables: RT 38: Cyber Security Decision Support A prototype distributed software system for multi-agent decision support. Analysis and documentation of results for the use of the prototype in formative experiments, initial evaluations, and technology demonstrations. Annual SERC Research Review, October 5 6, 2011 6

Remainder of Session Agenda Summary of RT28 Rick Jones, UVA Roundtable discussion Annual SERC Research Review, October 5 6, 2011 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information