Tuesday, February 8, 2022

Systems Security Engineering: A Primer

 Tags: advanced persistent threat; assurance; controls; cyber resiliency; cyber resiliency approaches; cyber resiliency design principles; cyber resiliency engineering framework; cyber resiliency goals; cyber resiliency objectives; cyber resiliency techniques; risk management strategy; system life cycle; systems security engineering; trustworthiness

Sources:

Discussion: Where can you go to learn how to engineer and develop secure systems?

Take a look at the newly released SP 800-160 Vol. 2 Rev. 1 to learn more about cyber-resilience. Specifically, cyber resiliency engineering “intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources.”

Know a smart architect or developer interested in strengthening their knowledge of security principles?

Have them read each of the sections below one week apart and test them over the content.

  • D.3 CYBER RESILIENCY TECHNIQUES....................................................................................................... 89
    • Basic concepts… e.g. ANALYTIC MONITORING
  • D.4 CYBER RESILIENCY IMPLEMENTATION APPROACHES....................................................................... 92
    • Expanded concepts briefly covered in D3… e.g. ANALYTIC MONITORING extrapolates into [1] MONITORING AND DAMAGE ASSESSMENT, [2] SENSOR FUSION AND ANALYSIS, and [3] FORENSIC AND BEHAVIORAL ANALYSIS
  • D.5 CYBER RESILIENCY DESIGN PRINCIPLES .......................................................................................... 109
    • Covers specific strategic design principles