Assurance Ecosystem Djenana Campara Chief Executive Officer, KDM Analytics Board Director, Object Management Group (OMG) Co-Chair Software Assurance.

Presentation transcript:

Assurance Ecosystem
Djenana Campara
Chief Executive Officer, KDM Analytics
Board Director, Object Management Group (OMG)
Co-Chair Software Assurance and Architecture Driven Modernization TF, OMG

(2) © 2010, KDM Analytics
Engineering, Assurance and Risk
- Engineering, Assurance and Risk are intimately related
- To assure a system means to ensure that System Engineering principles were correctly followed in meeting the security goals.
- Additional guidance provided for System Assurance is based on the developing threats and prioritizing risks
- Today, the risk management process often does not consider assurance issues in an integrated way, resulting in project stakeholders unknowingly accepting assurance risks that can have unintended and severe security issues.
- System assurance cannot and should not be executed as an isolated business process at a specific time in the program’s schedule, but must be executed continuously from the very earliest conceptualization of the program, to its fielding and eventual disposal.

(3) System Assurance - Reducing Uncertainty Associated with Vulnerability
- While Assurance does not provide additional security services or safeguards, it does serve to reduce the uncertainty associated with vulnerabilities resulting from:
  - Bad practices
  - Incorrect safeguards
- The product of System Assurance is justified confidence, delivered in the form of an Assurance Case
[Figure: Types of Evidence for Assurance Case]

(4) Confidence as a Product
- Confidence is produced by system assurance activities, which include a planned, systematic set of multi-disciplinary activities to achieve the acceptable measures of system assurance and manage the risk of exploitable vulnerabilities
- Characteristics of Confidence as a product:
  - acceptable
  - reproducible
  - transferable
  - measurable
- Producing and packaging confidence needs to be done in an objective and cost-effective way

(5) Achieving Comprehensiveness, Objectivity and Automation
Key Requirements
- Vulnerability knowledge is understood, captured and managed as assurance compliance points in the form of standardized specifications.
- Discovery and unified representation of system artifacts, where higher levels of abstraction (e.g. design, architecture and processes) do not lose their grounding traceability in the code
- Relation between discovered system artifacts and the high level requirements, goals or policies that the implemented artifacts represent, providing end-to-end traceability
- Standard-based tooling environment that would provide higher automation in achieving the ultimate goal by integrating a large set of tools to offset their limitations and weaknesses and integrate their strengths.

(6) Software Assurance (SwA) Ecosystem – Standard-based Solution
- Standard-based integrated tooling environment that dramatically reduces the cost of multi-disciplinary software assurance activities
- Based on integrated ISO/OMG Open Standards
  - Semantics of Business Vocabulary and Rules (SBVR): for formally capturing knowledge about vulnerabilities
  - Knowledge Discovery Metamodel (KDM): achieving system transparency in a unified way
  - Software Assurance Metamodel: Argumentation Metamodel (ARM) and Software Assurance Evidence Metamodel (SAEM): intended for presenting the Assurance Case and providing end-to-end traceability: requirement-to-artifact
  - Software Metrics Metamodel: representing libraries of system and assurance metrics
- SwA Ecosystem is expanding: OMG SysA TF is developing and integrating standards in the area of Threat Risk Assessments and defining a Security Vocabulary.

(7) Compliance with Software Assurance (SwA) Ecosystem
- Pilot investment by DoD, NIST and DHS to demonstrate the value of SwA Ecosystem
  - 18 CWEs formalized (machine readable) into Software Fault Patterns – creating assurance compliance points
  - Test Case Generator to automatically produce test cases to evaluate/test static analysis tools
- DoD research expanding in the area of Software Fault Patterns (SFP)
  - 50 SFP representing whitebox representation of 302 CWEs
  - Open Source GCC to KDM transparency – to be completed by April 2010
- Available SwA compliant tools
  - Assurance Case tool from Adelard and Artisan
  - KDM tools from KDM Analytics, Benchmark Consulting, MicroFocus, MIA-software (France)
  - SBVR tool from Business Semantics
- Standard-based approach to Assurance ensures investment into a coordinated strategy instead of proprietary tools