1 / 12

Enhancing Cybersecurity: Information Systems Security Engineering in the System Lifecycle

This article by James F. Davis discusses the critical role of Information Systems Security Engineering (ISSE) in the Systems Engineering Lifecycle. It addresses the growing security challenges faced by the Federal Government and commercial sectors, highlighting the need for integrating Information Assurance (IA) proactively into the Software Development Life Cycle (SDLC). The article presents ISSE as a systematic approach to designing secure systems, emphasizing the importance of confidentiality, integrity, and availability in safeguarding information. It concludes with recommendations for fostering awareness and expertise in security engineering across academia, industry, and government.

shae
Download Presentation

Enhancing Cybersecurity: Information Systems Security Engineering in the System Lifecycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. James F. Davis, "Information systems security engineering: a critical component of the systems engineering lifecycle," ACM SIGAda Ada Letters, December, 2004, 13-18.  Information Systems Security Engineering: A Critical Component of the Systems Engineering Lifecycle Kevin BehrSE 516 – Technical Article Presentation

  2. Introduction • Presented before Congress (Sept. 2003): • “…there is a growing problem with the security of our cyberinfrastructure…” • Federal Government • Commercial Off-the Shelf Software (COTS) • My Experience • Why? No focus on Information Assurance in the Systems Development Life Cycle (SDLC)

  3. Information Assurance • What is Information Assurance (IA)? • The protection of information and information systems by ensuring: • Confidentiality • Integrity • Authentication • Availability • Non-Repudiation • Where is IA handled in the SDLC today?

  4. NSA sponsored framework (2002)

  5. IA (cont’d) • Due to high upfront costs and lack of end user awareness, IA is implemented post hoc • Most users choose features, convenience, and performance over security • Rising demand for IA awareness requires a new approach

  6. Information Systems Security Engineering (ISSE) • What is ISSE? • “the systematic approach to building IA techniques and tools within a software systems engineering process.” • NSA: “the art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they me be subjected.” • Objective of ISSE • Addressing IA from the beginning of the SDLC… • Approaching IA proactively to prevent need for security fixes

  7. SDLC with ISSE

  8. ISSE (cont’d)

  9. ISSE realization within… • Federal Government • “is making progress and is moving to a system-wide acceptance of ISSE” • International Information Systems Security Certification Consortium (ISC) • Information Systems Security Engineering Professional (ISSEP) • Industries • Demand for Security Engineers and ISSE principles is growing (in support of federal and commercial missions) • Increasing residential bandwidth and globalization • Academia • Response has been broadened by federal ventures • Design for Securability

  10. Recommendations • In order to incorporate IA in today’s system’s, ISSE is needed • Build security engineers from the ground up • Academia • End User realization • Incorporation of ISSE principles • Certification Processes

  11. Conclusion • There exists a fundamental need for ISSE • What is ISSE • Use of ISSE Today • Federal, Corporate, Academic • Critical component of SDLC • Without ISSE, post hoc security • System vulnerabilities • Long run failures and costs • Growing Academic and Industrial awareness

  12. Our Role (as SE students)? • Think about the security needs for our Graduate Thesis System – are there any? • How do we find out? • What can we do to ensure IA? • Interface Restrictions • Encryption • Code Minimalization • Etc.

More Related