Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.

Slides:



Advertisements
Similar presentations
Advanced Energy Vehicle
Advertisements

Deliverable #8: Detailed Design - Overview due: Wednesday, 7 March All Deliverable materials are to be posted into Team Concert. Your to.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Software Process Models
DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.
1 Software Requirement Analysis Deployment Package for the Basic Profile Version 0.1, January 11th 2008.
Conquering Complex and Changing Systems Object-Oriented Software Engineering TJSS System Design Lecture 12 Päivi Ovaska.
EDGE™ A P D C Copyright © 2004 Dr. Edward Hensel P.E. and P.H. Stiebitz. All rights reserved. Technical Data Package & Team Notebook …what is it anyway?
Term Project Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and server side) Submit a.
Information System Security Engineering and Management
1 Introduction to System Engineering G. Nacouzi ME 155B.
Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Systems Engineering Management
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE , Fall Security Strategies.
Defining the Activities. Documents  Goal Statement defines why helps manage expectations  Statement of Work what gets delivered defines scope  Software.
CSULB EE400D Documentation Instructional Series
Network security policy: best practices
LSU 07/07/2004Communication1 Communication & Documentation Project Management Unit – Lecture 8.
What is Business Analysis Planning & Monitoring?
Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College.
Chapter 2: Overview of Essentials ISE 443 / ETM 543 Fall 2013.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
SEC835 Database and Web application security Information Security Architecture.
Introduction to Software Quality Assurance (SQA)
Evolving IT Framework Standards (Compliance and IT)
Page 1 MODEL TEST in the small GENERALIZE PROGRAM PROCESS allocated maintenance changes management documents initial requirement project infrastructure.
Welcome to CS 3260 Dennis A. Fairclough. Overview Course Canvas Web Site Course Materials Lab Assignments Homework Grading Exams Withdrawing from Class.
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
Chapter 1: Introduction to Project Management
S-vector for Web Application Security Assessment Review of Term Project Requirements and PDR Results CS996 ISM Spring 2005 Dr. William Hery.
Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
21 August Agenda  Introductions  Logistics  Selecting a project  Working with a client.
Software Engineering Management Lecture 1 The Software Process.
Project Scope Management Project management Digital Media Department Unit Credit Value : 4 Essential Learning time : 120 hours.
IT 499 Bachelor Capstone Week 4. Adgenda Administrative Review UNIT Four UNIT Five Project UNIT Six Preview Project Status Summary.
The System and Software Development Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Design Proposal A document prepared to (a) justify the need for the project, (b) describe the engineering process to be taken, (c) outline the expected.
Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc.
Evaluate Phase Pertemuan Matakuliah: A0774/Information Technology Capital Budgeting Tahun: 2009.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Educause Security 2006 © Baylor University Security Assessments for Information Technology Bob Hartland Director of IT Servers and Network Services.
SCOPE DEFINITION,VERIFICATION AND CONTROL Ashima Wadhwa.
T Iteration Demo Tikkaajat [PP] Iteration
COSC513 Final Project Firewall in Internet Security Student Name: Jinqi Zhang Student ID: Instructor Name: Dr.Anvari.
University of Southern California Center for Systems and Software Engineering RDCR ARB CS 577b Software Engineering II Supannika Koolmanojwong.
CMGT 400 Entire Course CMGT 400 Week 1 DQ 1  CMGT 400 Week 1 Individual Assignment Risky Situation  CMGT 400 Week 1 Team Assignment Kudler Fine Foods.
For more course tutorials visit
CMGT 400 GUIDE Real Success CMGT 400 Entire Course FOR MORE CLASSES VISIT CMGT 400 Week 1 Individual Assignment Risky Situation CMGT.
For More Best A+ Tutorials CMGT 400 Entire Courses (UOP Course) CMGT 400 Week 1 DQ 1 (UOP Course)  CMGT 400 Week 1 Individual Assignments.
Camera PDR/CD1 Planning 19 September 2008
Chapter 7. Identifying Assets and Activities to Be Protected
Software Engineering Management
ISA 201 Intermediate Information Systems Acquisition
Systems Design.
CSULB Department of Electrical Engineering Thursday, October 19, 2017
CSULB Department of Electrical Engineering Thursday, October 19, 2017
How does a Requirements Package Vary from Project to Project?
IS4550 Security Policies and Implementation
CMGT 430 Competitive Success/snaptutorial.com
NTC 324 RANK Lessons in Excellence-- ntc324rank.com.
CMGT 430 Education for Service/snaptutorial.com
CMGT 400 Education for Service-- tutorialrank.com
CMGT 430 Teaching Effectively-- snaptutorial.com.
Chapter 5 Designing the Architecture Shari L. Pfleeger Joanne M. Atlee
Lockheed Martin Canada’s SMB Mentoring Program
CS 8532: Advanced Software Engineering
HART Technologies Process Overview
Presentation transcript:

Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and server side) Submit a 1-2 page proposal to management (Dr. Hery) Assess risks, threats, vulnerabilities Develop a security policy Do a high level system security design Present a “preliminary design review” (PDR) to management (include risk analysis, policies, system architecture) Iterate on risk assessment, policy, design Present a final “critical design review” (CDR) to management and the class Write a final report to management on above

Example Project System should have at least 2 elements that communicate to perform a function  e. g., client server, peer to peer Pick a useful system, not an underlying technology Start with a “mission need statement”  e. g., “Provide a remote credit card verification service” State assumptions about environment  e. g., remote site is on a wired LAN connected to the Internet; verification data is on a well protected server connected to the Internet through a firewall

Example Project (continued) Your project should be somewhat more complex than this Make explicit (and probably realistic) assumptions about infrastructure Major project steps:  Thorough risk analysis  Develop security policies  Perform security system engineering. Use the policy to determine the security functions needed, and then to develop an architecture that has all the security functions and hardware, software components to enforce the security policies Major project deliverables:  Proposal  Preliminary design review  Critical design review to class  Final report on the design

Security System Engineering Process for Term Project (Simplified) Functional Rqmnts HL Design HL Sec Policy Legal Rqmnts Assets at Risk Corp/Org Policy HL Sec Design Threat Analysis Vulner. Analysis Detailed Design Detailed Sec Architect. Detailed Sec Policy Threat Analysis

Project Design Reviews Systems Requirements Review (SRR)  Usually, a first review before getting too far into the project, well before the PDR. We will combine them.  SRR is a presentation (with supporting documentation) to management and “the customer” to review all the requirements that are used as the basis for the system design and development. All later requirements and design decisions should be traceable back to these requirements.  Management has the right to impose changes on the requirements Preliminary Design Review (PDR)  The PDR is a presentation (with supporting documentation) to management and “the customer” showing the preliminary design, before detailed designs are developed. The purpose is to get the feedback on the design (from outside the design team) before it is too far along and to get “mid course correction”  Management may raise issues that are not addressed properly by the design Critical Design Review (CDR)  A final review of the detailed design before starting development, coding, COTS product selection and acquisition, custom product prototyping, etc.

PDR for the Term Project High level requirements:  Functional Requirements (what the system should do)  Risk analysis to identify assets that need to be protected  Any legal requirements  Any corporate or organizational security policies not included above  Write the High Level Security Policies High Level Design  Similar to what was in the proposals  For the project, this is only to define what needs to be protected.

PDR (Continued) Develop a full threat tree on the high level system design and use it to add to the high level policies Develop a high level security design/architecture based on the requirements  What security technologies and processes will be used (firewalls, crypto, IDS, etc.)  Where are they to be used Develop a “Security Compliance Matrix”  List all security requirements, and show what parts of the security technology and processes are used to meet the requirements Do a security requirements traceback  Show how each security technology or process is based on a requiremnt Present any security “trade studies”

SSE for PDR Functional Rqmnts HL Design HL Sec Policy Legal Rqmnts Assets at Risk Corp/Org Policy HL Sec Design Threat Analysis Vulner. Analysis Detailed Design Detailed Sec Architect. Detailed Sec Policy Threat Analysis

PDR (continued) PDR will be a 45 minute presentation to management The main purpose is to make sure the project is on the right track before you go too far. No grade will be assigned for this, only the completed project Presentation will be outside of class hours and scheduled during the weeks of March 22-March 29. See me to schedule a time. Supporting documents may be provided Electronic copies of all materials should be provided Management reserves the right to suggest additional requirements if you make the problem to easy :-) Management also reserves right to suggest a simplification of the problem to save you from yourself.

CDR for the term project The CDR will review the PDR material The other SSE tasks will be completed:  Detailed system design  Threat and vulnerability analyses  Detailed Security Policies written out  Detailed security design giving details such as  What is hardware versus software  Algorithms  Specific products, if appropriate  Trade studies to support choices, where appropriate The CDR will be a presentation to class and a full report (preferably using Word, or as a PDF)