Thursday, October 27, 2011

Workflow for Analyzing Security Context

We handled complex systems in the subsurface Navy, including Sonar, Navigation, Missile Controls, Reactor, Steam, Hydraulic, Water, Air, Electrical, Propulsion, and many, many others necessary to sustain life in a steal tube for months at a time under water.

There are several parallels to the complex infrastructures I work with in IT. The program for training 18-19 year old kids in less than two years to operate billion dollar reactors is incredibly effective. The success of the program hinges on several important factors, including top-notch training that I haven't experienced in any of the dozens of schools I've attended since leaving the military. They drill, drill, drill the concepts of controls in systems engineering, system integrity, monitoring, and response. You can summarize the operational processes for handling - and providing assurance for - complex systems in the five step cycle of Provision-Configure-Validate-Monitor-Respond. The workflow is show here in the Illustration below. In the coming days I will dig into this further to explain each of the processes and how they interrelate.