Stevens Institute of Technology

Space Mission Analysis and Design Project Col Doug Kirkpatrick and ... - PowerPoint PPT Presentation



Stevens Institute of Technology Security Systems Engineering. Jennifer Bayuk Cybersecurity Program Director School of Systems and Enterprises [email protected] Stevens Institute Security Research. National Center for Secure and Resilient Maritime Commerce


PowerPoint Slideshow about 'Space Mission Analysis and Design Project Col Doug Kirkpatrick and ...' - daniel_millan


Presentation Transcript
Slide 1

Stevens Institute of Technology

Security Systems Engineering

Jennifer Bayuk

Cybersecurity Program Director

School of Systems and Enterprises

[email protected]


Slide 2
Stevens Institute Security Research

  • National Center for Secure and Resilient Maritime Commerce

  • Naval Security Infrastructure Technology Laboratory

  • Center for the Advancement of Secure Systems and Information Assurance

    • National Cybersecurity Center of Excellence in Information Assurance Education

    • National Cybersecurity Center of Excellence in Information Assurance Research

  • Leader of the DoD University Affiliated Research Center for Systems Engineering Systems Security Core Research Topic

Why new focus on Systems Engineering Security?


Slide 3

The Problem

[Figure: network diagram showing external threats (Internet, routers, modems, online services and outsourcing arrangements) separated from internal assets (server farm, mainframe, email and web servers, user workstations, secure storage) by layered controls: physical perimeter, firewalls, IDS/IPS, VPN, proxy, WAFW, content filters, antivirus management, identity management, certificate authority, key management, SIM, policy servers. Annotation: "Current attacker path to data".]


Slide 4

SERC Security Engineering Research Roadmap

  • Define systems security

  • Measure systems security

  • Devise system security frameworks

  • Improve the proficiency of the security engineering workforce


Slide 5

Security Roadmap

1. Define systems security

  • Reassess periphery models

  • Focus on whole systems

  • Examine interfaces and interactions

  • Understand similarities and differences across domains


Slide 6

Security Roadmap

2. Measure systems security

  • Achievable and comparable security attributes

  • Outcome-based rather than vulnerability-based

  • Identify systemic value of currently available control standards

  • Identify and measure trade-offs with respect to security features


Slide 7

Security Roadmap

3. Devise systems security frameworks

  • Include policy, process and technology

  • Provide basis for evaluation

  • New classes of system-level solutions

  • Security-receptive architectures


Slide 8

Security Roadmap

4. Improve the proficiency of the security engineering workforce

  • Encourage and educate workforce

  • Operational security requirements

  • Community force multipliers

  • Engage stakeholders


Slide 9

Example: Systemic Security

Systemigram software from: Boardman and Sauser, Systems Thinking: Coping with 21st century problems, Taylor & Francis, 2008.


Slide 10

Example System



Slide 12

[Figure: diagram labeled "Discovery" with markers numbered 3, 4, 5, 1, 2]

ISO 27005:2008 Security Risk Assessment Task Order:

1. Identification of assets

2. Identification of threats

3. Identification of existing controls

4. Identification of vulnerabilities

5. Identification of consequences


