Tags: advanced persistent threat; assurance; controls; cyber resiliency; cyber resiliency approaches; cyber resiliency design principles; cyber resiliency engineering framework; cyber resiliency goals; cyber resiliency objectives; cyber resiliency techniques; risk management strategy; system life cycle; systems security engineering; trustworthiness
Sources:
- Systems
Security Engineering (SSE) Project | CSRC (nist.gov)
- SP
800-160 Vol. 1, Systems Security Engineering: Trustworthy Secure Systems |
CSRC (nist.gov)
- SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: SSE Approach | CSRC (nist.gov)
Discussion: Where can you go to learn how to engineer and develop secure systems?
Take a look at the newly released SP 800-160 Vol. 2 Rev. 1 to learn more about cyber-resilience. Specifically, cyber resiliency engineering “intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources.”
Know a smart architect or developer interested in
strengthening their knowledge of security principles?
Have them read each of the sections below one week apart and test them over the content.
- D.3 CYBER RESILIENCY
TECHNIQUES.......................................................................................................
89
- Basic concepts… e.g. ANALYTIC MONITORING
- D.4 CYBER RESILIENCY IMPLEMENTATION
APPROACHES.......................................................................
92
- Expanded concepts briefly covered in D3… e.g. ANALYTIC
MONITORING extrapolates into [1] MONITORING AND DAMAGE ASSESSMENT, [2]
SENSOR FUSION AND ANALYSIS, and [3] FORENSIC AND BEHAVIORAL ANALYSIS
- D.5 CYBER RESILIENCY DESIGN PRINCIPLES
..........................................................................................
109
- Covers specific strategic design principles