1 Systems Security Engineering Working Group Activities at IW08 INCOSE Enchantment Meeting February 13, 2008 John W. Wirsbinski.

Slides:



Advertisements
Similar presentations
IT Governance & Quality Management
Advertisements

Managing Compliance Related to Human Subjects Research Review Joseph Sherwin, Ph.D. Office of Regulatory Affairs University of Pennsylvania Fourth Annual.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
No 1 IT Governance – how to get the right and secured IT services Bjorn Undall and Bengt E W Andersson The Swedish National Audit Office Oman
1 System Engineers Toolbox 1 Compliance Automation, Inc. INCOSE: NM Enchantment Chapter By Cheryl Hill August 12, 2009.
Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.
Requirements Working Group Overview June 24-25, 2007 San Diego, CA.
ASTM International Officers Training Workshop September 2012 Pat Picariello, Director, Developmental Operations 1 Strategic Planning & New Activity Development.
September 2013 ASTM Officers Training Workshop September 2013 ASTM Officers Training Workshop Strategic Planning & New Activity Development September 2013.
Integrating the NASP Practice Model Into Presentations: Resource Slides Referencing the NASP Practice Model in professional development presentations helps.
Ability-Based Education at Alverno College. Proposed Outcomes for Session 1. To introduce you to Alvernos approach to designing integrative general education.
DS-01 Disaster Risk Reduction and Early Warning Definition
Remote Sensing at the service of Natural Disasters Warning: the Contribution of the Supersites Concept Professor Stuart Marsh Co-Chair GEO Institutions.
1 Introduction to Transportation Systems. 2 PART I: CONTEXT, CONCEPTS AND CHARACTERIZATI ON.
SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Introduction ATMCP and Performance Dominique Colin de Verdière (CENA) Bernard Miaillier (Eurocontrol) TIM9 - ATMCP-RTSP May 2002.
Fifth Edition 1 M a n a g e m e n t I n f o r m a t i o n S y s t e m s M a n a g I n g I n f o r m a t i o n T e c h n o l o g y i n t h e E – B u s i.
Importance of community-based services for persons with disabilities: Availability and quality International frame June 2012,Belgrade Dr.Vasilka.
Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP
Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.
Airport Sustainability is a holistic approach to managing an airport to ensure Economic viability, Operational efficiency, Natural resource conservation,
1 INCOSE Chesapeake Chapter Enterprise SE Panel Discussion L. Mark Walker/LMC 21 March 2007.
TQA CONCEPTS & CORE VALUES
Khammar Mrabit Director Office of Nuclear Security
1 NEST New and emerging science and technology EUROPEAN COMMISSION - 6th Framework programme : Anticipating Scientific and Technological Needs.
What can Europe learn from New Zealand’s experience with commercial stakeholders engagement in fisheries research and management? Steven Mackinson.
CSTA K-12 Computer Science Standards (rev 2011)
1 Protecting the Long Island Business Community A Public Safety Partnership.
Learning organization and knowledge management
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.
ERS Overview 5/15/12 | Page-1 Distribution Statement A – Cleared for public release by OSR, SR Case #s 12-S-0258, 0817, 1003, and 1854 apply. Affordable,
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Stephen S. Yau CSE , Fall Security Strategies.
The ISO 9000 family of standards
Emergency Management & Homeland Security Interface Samuel Musa National Defense University.
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
Information Technology Audit
SEC835 Database and Web application security Information Security Architecture.
Connecting Workforce Development, Education and Economic Development Through Cluster- Based and Career Mapping Strategies The National Association of State.
Panel Three - Small Businesses: Sustaining and Growing a Market Presence Open Interfaces and Market Penetration Protecting Intellectual Innovation and.
Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.
IS Methodologies. Systems Development Life Cycle - SDLC Planning Planning define the system to be developed define the system to be developed Set the.
Randy Beavers CS 585 – Computer Security February 19, 2009.
Integral Health Solutions We make healthcare systems work in harmony.
Theme 2 Developing MPA networks Particular thanks to: Theme 2 Concurrent Session Rapporteurs, Dan Laffoley, Gilly Llewellyn G E E L O N G A U S T R A L.
1 Power to the Edge Agility Focus and Convergence Adapting C2 to the 21 st Century presented to the Focus, Agility and Convergence Team Inaugural Meeting.
John Weigelt, MEng, PEng, CISSP, CISM National Technology Officer Microsoft Canada November 2005 Fighting Fraud Through Data Governance.
Castlebridge associates | | Castlebridge changing how people think about information How to Implement the.
Building Systems for Today’s Dynamic Networked Environments A Methodology for Building Sustainable Enterprises in Dynamic Environments through knowledge.
1 KM Track Overview & Gaining Value from Knowledge -- Knowledge Management (KM) and the Contracting Professional Breakout Session # 119 Name: Gaining.
1 Office of ASG/CITO Crisis Information Management Strategy UNGIWG-11, Geneva 15 March 2011 A written consent by the UN is required to use the information.
Strategic Plan: Goals, Objectives & Success Measures Administrative Forum, South Campus June 17,
CS457 Introduction to Information Security Systems
Update from the Faster Payments Task Force
Crisis management related research at
TeleManagement Forum The voice of the OSS/BSS industry.
Strategic Planning for Learning Organizations
UNDG Coordination Toolkit
Chapter Leader Training Unit 2 - Certification - Technical Operations
Capex to Opex: Are You Ready?
Strategy Review, Evaluation, and Control
Strategy Review, Evaluation, and Control
Presentation transcript:

1 Systems Security Engineering Working Group Activities at IW08 INCOSE Enchantment Meeting February 13, 2008 John W. Wirsbinski

2 A Brief History of the Working Group

3 Genesis of the Working Group? How we got started –Idea was proposed at IW06 during Specialty Engineering Enabler workshop Why INCOSE –ASIS –ISSA Why an SSE Group? –ATIWG

4 SSE is Not: PhysSec COMPUSEC/ Information Systems Security COMSEC INFoSEc OPSEC Prodsec KeySEC TSCM Counter-intelligence Psyops Insider Protection Anti-terrorism Counter-terrorism Business Continuity and Disaster Recovery Etc.

5 What is SSE An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats. 1 1 Handbook for Systems Security Engineering Program Management Requirements, D.o. Defense, Editor. 1995, Headquarters Air Force Systems Command, Office of the Chief of Security Police.

6 Alternate (LMC) Definition SSE is a technical discipline that uses a systems engineering approach to determine the total protection for a system or program in all protection disciplines: physical, information, information systems, communications, personnel, operations, product, and emissions.

7 Working Group History Established at IW07 –18 attendees –Established leadership John Wirsbinski – chair Rick Dove – co-chair –First activities Collect supporting evidence and examples Write Manifesto Meeting at IS07 –Discussed evidence and examples

8 Working Group Status Members –~40 members –~5 INCOSE leadership membership 2007 Products –Charter –INCOSE Connect Site – Reflector –Public information page on INCOSE website –Draft Manifesto Proposal –Modify name to avoid confusion with Systems Science Enabler (SSE) working group

9 Working Group Charter The Systems Security Engineering Working Group (SSEWG) was established in response to observations that current methods of integrating security into systems and enterprises are not working – security is costing more (operationally and financially) and our vulnerability is holding constant or increasing. In response the SSEWG was established to identify or develop systems engineering methods to: 1) provide security solutions that are harmoniously integrated into systems 2) ensure that security capabilities and requirements are adequately considered in systems engineering activities.

10 Security Manifesto We speak here of security. Not narrowly of only cyber or physical security, but total system security – that which provides the faith and trust we want in continued safety, service, and economic effectiveness of the systems we count on as part of life in society… We hold these truths to be self evident: –that engineered systems are designed for purpose; –that they are engineered by their designers to meet certain fundamental requirements; –that among these are security, safety, service, and the pursuit of economic effectiveness; –that to secure these requirements design principles are instituted among the community of engineers, deriving their just nature from first principles, natural laws and best practice; –that whenever such principles become inadequate to these ends, it is the responsibility of the community to abolish them, and to institute new principles that shall seem most likely to deliver security, safety, service, and effectiveness.

11 Security Manifesto-System Engineering Practices –employ holistic systems thinking; –assume penetration always and constantly; –define and embody resilient reactive concepts; –define and embody innovative proactive concepts; –integrate physical and cyber security; –embed security within system architecture; –represent meaningful measures of risk and security-effectiveness; –identify and address the realities of the environment, including: human behavior, organizational behavior, technology pace, systems complexity, globalization, agile enterprise practices, and agile adversaries; –remain both vigilant and innovative as expressions and possibilities of reality continue to change; Traditional Risk analysis is based upon history – Forecasting is a different beast that may be more amenable to the problems we are facing

12 Assertions Embodied in Manifesto Security is an implicit systems engineering responsibility that must be made explicit Adversaries –Adversaries are agile –Adversaries exist in an open community –We cannot rely on a fortress approach Systems are too complex to test out vulnerabilities –Networked / Distributed systems –We dont control or design everything to which our systems connect Cylinders of excellence (aka stovepipes) create exploitable vulnerabilities Success lies in: –Forcing the adversaries to adapt to us –Responding efficiently when the adversaries get ahead of us

13 We Need … Systems engineering to explicitly embrace security –Security as value added –Security as an architectural characteristic Systems tools and techniques to address security problems –Problem structuring methods to understand and characterize security problems –Security solutions that are Agile –Security for decentralized systems Working group members interested in working to address these issues Products that will be valuable –Effective –Transparent to systems users –Implementable by systems architects and engineers –Affordable

14 Future Activities Theme for July 2009 Insight –The Interplay of Architecture, Security, and Systems Engineering

15 Provide a view of what has to be in a government proposal (Josh S.) Survey of patterns for thought/strategy/principles (John W.) Structural pattern types related to strengths and weaknesses (Rick D.) Architectural views and relationships to security(structure/ behavior/ principles/ temporal/ context/ qualities) (Mike W.) – encompasses concept of security architecture Simulation tools to help explore and test architectural strategies (Bandit G.) Placement of security in existing architectural frameworks (Jackson W.) Use case application in characterizing security …. (John H.) Best practice collections illuminating architecture-embedded security (David D.) Vertical relationships (architectural layers) … embedded layering (Marcos C.) Horizontal relationships(interoperability) of system-system (Rick D.) Security as an emergent quality (Rick D.) Security as an externalized property (Jackson W.) Catalysts that sustain/maintain/stimulate security (John W.) Security System as a football (or other ) metaphorical pattern (John H.) Security view vs incorporating security in the existing architectural views Security architectural patterns (value propositions of): 1) security that emerges from an agglomeration of parts in the total system (emergent), 2) security inherent in each part of a system (encapsulated), 3) security as an independent put servicing function Architectural concepts that facilitate/impede graceful/clumsy migration into the future Potential Essay Topics

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.