Overview of AEEC Information Security CONOPS
Vic Patel, FAA/ATO-P WJHTC Security Engineering
Simon Blake-Wilson, BCI and FAA
April 19, 2004
AEEC Information Security Background
AEEC is an association of airlines, organized by ARINC, that develop standards for avionics
Step 2: Select and implement security controls
Step 3: Operate and manage security controls
CONOPS Information Security Process (Cont)
Step 1.2.1: Analyze risks
Step 1.2.2: Identify policies
Step 1.2.3: Determine environment and assumptions
Step 1.3: Characterize security objectives
Step 1: Security Needs and Objectives
Airline Info. Services
Pass. Info. and Entertain
and Embedded Control
Airline Approved 3rd Parties
Data Link Services
Air/Ground Broadband Services
Step 1.1: Asset Identification
Identify information types.
Initial step to estimate how important security is for system.
Identify threats based on high-level framework.
Assess threat likelihood and severity using High/Medium/Low.
Severity can be derived in part from hazard analysis.
Identify policies that may affect security choices.
Identify drivers for selection of security controls.
Select security controls based on needs and objectives.