Systems Engineering and the Security Imperative
INCOSE Las Vegas
September 15-18
Rick Dove
Chairman, Agile Security Forum
(an open participation initiative in formative stage)
www.parshift.com/AgileSecurityForum
Attributed Copies Permitted© 2004 RKDove, Agile Security Forum, www.parshift.com/AgileSecurityForum
Security Strategy Elements
Policy: Goals, and principles governing how goals may be attained.
Procedure: Prescribed method for satisfying policy.
Practice: Implementation that carries out procedure.
Security Strategy Is...
a business system,
not a collection of vendor technologies.
Examples
Policy (Goals)
  Principles - general and contextual expectations, and organizational behavior
  Compliance
  Risk level
  Human behavior
  Tradeoffs - risk vs user productivity
Procedure (Methods)
  Controls - code quality assurance checks, audit trails, practice audits, personnel monitoring and validation, enforcements, etc
  Process methodologies - Governance, disaster recovery, sys admin rules, hiring/firing rules, code quality rules, external organization interconnect, identity management, service level agreements, etc
Practice (Execution)
  Networks - internal and external infrastructure
  Applications - software development, acquisition and life cycle management
  Appliances - hardware/software development, acquisition and life cycle management
  Services – development, acquisition and life cycle management
  Activities - procedure execution and management
Information Security - Today
The Facts
  Vulnerability – Increasing points and modes of attack
  Threat – Increasing attackers and incidents
  Risk – Increasing value available for compromise
The Result
  Time stolen by security measures is increasing
  Money invested in security measures is increasing
  Effectiveness and life-cycle of security measures are decreasing
ROI is Declining!
Security's Seven Ignorances of Reality
1. Human Behavior – Human error, whimsy, expediency, arrogance, ...
2. Organizational Behavior – Survival rules rule, nobody's in control, ...
3. Technology Pace – Accelerating vulnerability-introductions, ...
4. System Complexity – Incomprehensible, unintended consequences, ...
5. Globalization – Partners with different ethics, values, infrastructures, ...
6. Agile Enterprise – Outsourcing, on-demand, webservices, transparency, ...
7. Agile Attackers – Distributed, collaborative, self organizing, proactive, ...
For 50 years of IT-progress, management policy/procedure/practice has followed behind ... patching potholes.
Maintaining Systems in Unstable States Takes Constant Energy Input
[Diagram labels: Reality Landscape; Org Behavior; Human Behavior; Attacker Behavior; Security Process (SP); Penalties, Regulation, Laws, Litigation, Rules, Threats]
Expecting or enforcing ideal and repetitive behavior ignores reality... and is not a substitute for Strategy
A Rational Strategy Requires New Knowledge
A rational view of the problem:
  Reality bites – what is its nature?
  The problem is bigger than technology – what is its nature?
  The situation is in constant flux – what is its nature?
A rational view of the solution:
  You are compromised – now what?
  Situation in constant flux – what is proactive response-ability?
  Excellence – what is its nature?
Problem Analysis Knowledge Frameworks
[Concept map, Agile Security Forum Pathfinder Initiative. Column titles: The Bite; Problem Breadth; Situation Flux. Node labels: Problem Analysis Frameworks; Focus (Policy, Procedure, Practice); Reality Issues (Technology Pace, Agile Enterprise, Human Behavior, Systems Complexity, Globalization, Org Behavior, Agile Attack Community, Perhaps More); Situation Agility; domains: Correction, Variation, Expansion, Creation, Improvement, Migration, Reconfiguration, Modification. Link phrases: include; dealing with; arising from; with reactive domains of; with proactive domains of.]
Solution Fitness Knowledge Frameworks
[Concept map, Agile Security Forum Pathfinder Initiative. Column titles: Situation Flux; Excellence Nature; Assume Compromise. Node labels: Solution Fitness Frameworks; Excellence Principles (Requisite Variety, Parsimony, Delight); Agile Principles (Self Contained Units, Plug Compatibility, Facilitated Reuse, Evolvable Framework, Elastic Capacity, Self Organization, Deferred Commitment, Distributed Ctrl & Info, Redundancy & Diversity, Peer-Peer Interaction); Reality Objectives; domains: Vulnerability Anticipation, Prudence, Transformation, Threat/Risk Anticipation, Migration, Accountability (proactive), Detection, Containment, Mitigation, Assessment, Recovery, Accountability (reactive). Link phrases: include; of; with proactive domains of; with reactive domains of.]
[Rick Dove, Response Ability, Wiley 2001]
Excellence Principles – Strawman Framework
Requisite Variety
  Ashby's Law: "The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate....variety must match variety."
  Any effective system must be as agile as its environmental forces.
  Reality-compatible (rational) policy, procedure, and practice.
  Functional Quality.
Parsimony
  Occam's Razor: Given a choice between two ... choose the simplest.
  Unintended consequences are the result of complexity.
  Humans can only deal with 5-9 items simultaneously.
  Bounded rationality (Herb Simon).
  Reduces perceived Risk.
Delight
  Engenders feelings of Trust and Respect.
  Aesthetic Quality.
Reality Objectives - Strawman Framework
Proactive Principles
Vulnerability Anticipation – Identify/fix vulnerabilities before exploitation, sense indirect indicators of exploitation
Prudence – Correct vulnerabilities before exploitation
Transformation – Change randomly the elements/nature of security system
Threat/Risk Anticipation – Identify and counter threats and risks before exploitation
Migration – Continuous upgrade of security strategy and components
Accountability (Proactive) – Identify perpetrators with traps, glass houses, disinformation, etc, before damage
Reactive Principles
Detection – Detect intrusion and damage quickly
Containment – Minimize potential damage scope
Mitigation – Minimize potential damage magnitude
Assessment – Understand what has been damaged and how
Recovery – Repair damage quickly
Accountability (Reactive) – Identify the perpetrators forensically, after damage
Early Rational-Security Examples
Buffer overflows – coders will create them, QA will miss them.
  AMD Solution: New processors will stop them (shift point of focus).
Access-rights to critical resources will be abused.
  Military Solution: Two-person access required on critical elements.
Credit Card Theft – eSites will make it easy to re-order.
  SWA Solution: Retain the trivial info, don't retain the number.
M&A interconnect will occur quickly.
  Cisco(?) Solution: Strategic fast/phased/buffered integration process.
Known vulnerabilities will exist in systems.
  HP Solution: "Active Countermeasures" probe and remediate.
  Sygate Solution: Magellan product shows real-time network node states.
New virus/worm versions defy advance signature filtering.
  HP Solution: "Virus Throttle" detects infection-speed and stops it.
  Symantec Solution: "Generic Exploit Blocking" filters for vulnerability exploit-pattern.
Foreign equipment of contractors and employees needs network access.
  Sygate solution: End-point, acceptable-equipment-condition access monitor.
  Anonymous solution: AV vendor sends updates to employee-equipment.
Many/complex/changing passwords – users will write them down.
  Dove Solution: write all into one strongly-encrypted user file.
Rogue employees will be bought or go postal.
  Mitigation: Assume penetration is a natural state and act accordingly.
Outsource Centers will become major opportunity targets.
  Mitigation: Security-level agreements, Compartmentalized hard/soft/wet-ware.
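The "detects infection-speed and stops it" entry above can be illustrated with a behaviour-based check that needs no signatures. This is an added example, not code from the slides or from any vendor product; the class name, thresholds and connection records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp_seconds, source_host, destination_host).
SAMPLE_CONNECTIONS = [
    (0.0, "ws-1", "mail"), (0.1, "ws-2", "10.0.0.1"), (0.2, "ws-2", "10.0.0.2"),
    (0.3, "ws-1", "web"), (0.3, "ws-2", "10.0.0.3"), (0.4, "ws-2", "10.0.0.4"),
    (0.5, "ws-2", "10.0.0.5"), (0.9, "ws-1", "mail"), (1.5, "ws-1", "files"),
    (2.0, "ws-2", "10.0.0.6"),
]

class InfectionSpeedThrottle:
    """Blocks a source that contacts too many new destinations per time window.

    Assumed policy (hypothetical values): more than max_new previously unseen
    destinations within `window` seconds is treated as worm-like spreading.
    """
    def __init__(self, max_new=3, window=1.0, recent_size=4):
        self.max_new, self.window = max_new, window
        # Per source: short memory of destinations it talked to recently.
        self.recent = defaultdict(lambda: deque(maxlen=recent_size))
        # Per source: timestamps of connections to destinations not in memory.
        self.new_times = defaultdict(deque)
        self.blocked = set()

    def observe(self, ts, src, dst):
        """Return 'allow' or 'block' for one outbound connection attempt."""
        if src in self.blocked:
            return "block"              # stays contained until an operator clears it
        if dst in self.recent[src]:
            return "allow"              # familiar destination: normal traffic
        self.recent[src].append(dst)
        times = self.new_times[src]
        times.append(ts)
        while ts - times[0] > self.window:
            times.popleft()             # forget new-host contacts outside the window
        if len(times) > self.max_new:
            self.blocked.add(src)
            return "block"
        return "allow"

def run(connections, **settings):
    """Replay connection records; return (blocked sources, per-record decisions)."""
    throttle = InfectionSpeedThrottle(**settings)
    decisions = [(src, dst, throttle.observe(ts, src, dst))
                 for ts, src, dst in connections]
    return throttle.blocked, decisions

if __name__ == "__main__":
    blocked, decisions = run(SAMPLE_CONNECTIONS)
    print("blocked:", sorted(blocked))
    for row in decisions:
        print(row)
```

The workstation that revisits a few servers is never delayed, while the host fanning out to new addresses is cut off on its fourth new destination regardless of which worm variant is driving it.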
Pathfinder Initiative – Concept of Operations
This is a map summarizing concept relationships. It is not a flow chart or organizational structure. Relationships are read downward along connecting lines.
[Concept map, Agile Security Forum. Main node labels: Pathfinder Initiative; Participant Value; Operating Modes; Community Involvement; Plan; Situation Profile; Solution Profile; Rational Strategy Profile; Rational Policy; Rational Procedures; Rational Practices; Knowledge Discovery; Initial Knowledge Frameworks; Refined Knowledge Frameworks; Structured Workshop Procedures; Pathfinder Group; Forum Staff; Market Value; Roadmap for Action; Wake Up Call; Situation Reality Analysis; Solution Fitness Profile; Community Preparation; Community Awareness; Deliverable Construction; ~9 Months. See detail maps.]
Rational Security Strategy
A strategy that ignores reality is a losing proposition.
Humans and organizations swim in reality, and naturally fight incompatibilities.
"Unintended consequences are inevitable. Nevertheless, we are responsible both for what we do and what we fail to do with technology [and strategy]."
Quote from "Frankenstein Today" by Scott Yoder, http://www.msu.edu/~marianaj/frank2.ppt
Pathfinder Initiative Participation Inquiries: [email protected]