Security Objectives University of Sunderland CSEM02 Harry R. Erwin, PhD.

What are Security Objectives?

Security objectives are the things you do to:
– Enforce security policies
– Mitigate risks

Security objectives may be met by:
– Things the system does to protect itself, and
– Things you can assume the environment does for the system.

CCTool

– An expert system to aid in security analysis.
– No longer supported by NIAP/NIST/NSA.
– Still available from the module website.
– Discusses security objectives and requirements.
– Available at Sunderland as the UoSTool.

The Security Mapping Process (figure from the CCTool Manual)

Security Analysis Relationships (figure from the CCTool Manual)

Security Objectives Result in Security Requirements (figure from the CCTool Manual)

Security Objectives

“The results of the analysis of the security environment can then be used to state the security objectives that counter the identified threats and address identified organizational security policies and assumptions. The security objectives should be consistent with the stated operational aim or product purpose of the system, and any knowledge about its physical environment.” (CCTool Manual)

Intent of the Objectives

“The intent of determining security objectives is to address all of the security concerns and to declare which security aspects are either addressed directly by the system or by its environment. This categorization is based on a process incorporating engineering judgment, security policy, economic factors and risk acceptance decisions.” (CCTool Manual)

Example Objectives

– O.AC_Label_Export: Object security attributes and exportation
– O.Access_History: Access history for user session
– O.Admin_Code_Val: Administrative validation of executables
– O.Admin_Guidance: Administrator guidance documentation
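The slides above describe a mapping in three layers: threats, policies and assumptions on one side; security objectives in the middle, each declared as met by the system or by its environment; and security requirements that realise the system-side objectives. The following Python is an added example, not code from the module, CCTool or its manual. It models that mapping and runs the consistency checks an analyst would want before accepting it: every threat and policy is countered by some objective, every assumption is upheld by an environment objective (the system cannot enforce an assumption about its own surroundings), every system objective has at least one requirement, and no objective traces to a concern that was never identified. The T.*, P.*, A.* concern ids and the R.* requirement names are constructed for illustration; the O.* names are the example objectives from the slide.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Added example, not from the CCTool manual or the module. Concern ids follow
# the Common Criteria naming habit (T.* threat, P.* policy, A.* assumption);
# every id and requirement name below is constructed for illustration.


@dataclass
class Objective:
    name: str
    met_by: str                  # "system" or "environment"
    addresses: Set[str]          # threat / policy / assumption ids it traces to
    requirements: Set[str] = field(default_factory=set)


@dataclass
class Environment:
    threats: Set[str]
    policies: Set[str]
    assumptions: Set[str]


def check_mapping(env: Environment, objectives: List[Objective]) -> Dict[str, List[str]]:
    """Return the gaps in the mapping keyed by kind; an empty dict means it is consistent."""
    findings: Dict[str, List[str]] = {}

    def flag(kind: str, item: str) -> None:
        findings.setdefault(kind, []).append(item)

    known = env.threats | env.policies | env.assumptions
    traced: Set[str] = set()
    for o in objectives:
        if o.met_by not in ("system", "environment"):
            flag("bad_met_by", o.name)
        if not o.addresses:
            flag("orphan_objective", o.name)        # counters nothing, so why is it here?
        for cid in sorted(o.addresses):
            if cid not in known:
                flag("unknown_concern", f"{o.name} -> {cid}")
            elif cid in env.assumptions and o.met_by == "system":
                # Only the environment can uphold an assumption about the environment.
                flag("system_upholds_assumption", f"{o.name} -> {cid}")
        traced |= o.addresses
        if o.met_by == "system" and not o.requirements:
            flag("no_requirements", o.name)         # declared but never realised

    for concern in sorted(env.threats | env.policies):
        if concern not in traced:
            flag("uncountered", concern)
    for a in sorted(env.assumptions):
        if not any(a in o.addresses and o.met_by == "environment" for o in objectives):
            flag("assumption_not_upheld", a)
    return findings


# Constructed sample data: four objectives from the slide plus one environment
# objective that has been mis-declared as a system objective.
SAMPLE_ENV = Environment(
    threats={"T.Malicious_Exec", "T.Label_Loss", "T.Masquerade"},
    policies={"P.Admin_Trained"},
    assumptions={"A.Physical_Access"},
)

SAMPLE_OBJECTIVES = [
    Objective("O.AC_Label_Export", "system", {"T.Label_Loss"}, {"R.Export_With_Labels"}),
    Objective("O.Access_History", "system", {"T.Masquerade"}, {"R.Show_Last_Login"}),
    Objective("O.Admin_Code_Val", "system", {"T.Malicious_Exec"}),       # no requirement yet
    Objective("O.Admin_Guidance", "system", {"P.Admin_Trained"}, {"R.Admin_Guide"}),
    Objective("OE.Physical", "system", {"A.Physical_Access"}),           # wrong side of the split
]


def corrected_objectives() -> List[Objective]:
    """The same mapping after the analyst fixes the two gaps the check reports."""
    fixed = [Objective(o.name, o.met_by, set(o.addresses), set(o.requirements))
             for o in SAMPLE_OBJECTIVES]
    fixed[2].requirements.add("R.Verify_Exec_Signatures")   # realise O.Admin_Code_Val
    fixed[4].met_by = "environment"                          # OE.Physical belongs to the environment
    return fixed


if __name__ == "__main__":
    for kind, items in check_mapping(SAMPLE_ENV, SAMPLE_OBJECTIVES).items():
        print(f"{kind}: {', '.join(items)}")
    print("after correction:", check_mapping(SAMPLE_ENV, corrected_objectives()) or "consistent")
```

Run on the constructed data, the check reports that O.Admin_Code_Val has no requirement, that OE.Physical is declared as a system objective while tracing to an assumption, and consequently that A.Physical_Access is upheld by nothing; after `corrected_objectives()` applies the two fixes the report is empty. The point the slides make about engineering judgment survives: the check cannot decide which side of the system/environment split an objective belongs on, it only makes an inconsistent split visible.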

To Explore This Further

Run CCTool (available on the terraces).