Risk methodology for uocava voting systems
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Risk Methodology for UOCAVA Voting Systems PowerPoint PPT Presentation


  • 101 Views
  • Uploaded on
  • Presentation posted in: General

Risk Methodology for UOCAVA Voting Systems. TGDC Presentation Matt Scholl NIST, Information Technology Laboratory, Computer Security Division http://vote.nist.gov. Purpose Tutorial on Risk Methodology Definition of Terms Categorization Process Risk Decisions

Download Presentation

Risk Methodology for UOCAVA Voting Systems

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Risk Methodology for UOCAVA Voting Systems

TGDC Presentation

Matt Scholl

NIST, Information Technology Laboratory,

Computer Security Division

http://vote.nist.gov


Purpose

Tutorial on Risk Methodology

Definition of Terms

Categorization Process

Risk Decisions

Applying Risk Methodology to Voting

Agenda


Purpose

  • Present a methodology to solicit decisions and drive requirements for voting systems.

  • The methodology is based on the NIST Risk Management Framework.

    • A foundational approach for information system security used throughout U.S., state and local Governments, private industry, and other governments world-wide.

    • Use terms and definitions found in NIST information system security publications, standards and Federal laws.


Goal

  • The process will result in a set of security, auditability, human factors (usability, accessibility) mitigations molded to fit various voting architectures with varying levels of assurance and capabilities.

  • NIST will assist the TGDC in identifying and applying a risk methodology to UOCAVA voting systems.

  • The Risk Management Framework is used to make specific risk based decisions.

Security

Auditability

Accessibility/

Usability


Risk Methodology Tutorial

  • Brief the TGDC on NIST risk methodology for developing security controls.

  • Ensure the TGDC understands the information needed by NIST to develop the controls.

  • Define key terms.


Security Objectives

  • Confidentiality

    • Preserving authorized restrictions on information access and disclosure, including means for protection of personal privacy and proprietary information.

  • Integrity

    • Guarding against improper information modification or destruction, and include ensuring information non-repudiation and authenticity.

  • Availability

    • Ensuring timely and reliable access to and use of information.

      Source: 44 U.S.C Sec. 3542


Risk Approach

  • Risk is a function of the following:

    • Likelihood

    • Threat

    • Vulnerability

    • Impact

  • The NIST Risk Management Framework begins with assessing the potential impact on an organization should events occur to jeopardize the information and information system.


Examples of Voting Information Types

  • Example types of voting information:

    • Voted Ballot

    • Blank Ballot

    • Tabulation Reports

  • Example threats:

    • Loss of ballot secrecy

    • Incorrect ballot received by voter

    • Tabulation Reports cannot be accessed by voting officials


Example- Voting Categorization – Step 1


Impact Levels

  • High Impact – severe or catastrophic adverse effect

  • Moderate Impact – serious adverse effect

  • Low Impact – limited adverse effect

  • Why is this important?

    • Common framework for expressing security needs.

    • Aids in selection of appropriate security controls.

    • TGDC identifies possible criteria for determining voting-specific impact.

      Source: FIPS 199


Example- Voting Categorization – Step 2


Example- Voting Categorization – Step 2


Confidentiality

Voted Ballot

Loss of Ballot Secrecy

Low Impact

Moderate Impact

High Impact

Voting Categorization – Step 3


Confidentiality

Voted Ballot

Loss of Ballot Secrecy

Low Impact

Moderate Impact

High Impact

Voting Categorization – Step 3


Moderate Impact

Level

Examples of Architecture Types

Electronic Delivery/Mail Return

Kiosk

PC-based

Security Controls

Security Controls

Security Controls

Security Control Identification


Security Control Identification

  • Use the NIST SP 800-53 “NIST Recommended Security Controls for Federal Information Systems”.


Overall Structure


Overall Structure


Next Steps for Security

  • TGDC identifies possible:

    • Information types

    • Voting threats

    • Voting-specific impact criteria

  • NIST assists the TGDC in identifying and tailoring security controls for all impact levels and all architectures.

  • Refine security controls as architectures mature.

  • An impact level can be selected for each information type.

  • Using risk assessment – refine security controls as threats and vulnerabilities become known.


  • Login