Whitepaper: Security Architecture and Engineering Post-85% Design

Categories
White Papers and Articles
- The Hadron Analex Story March 2, 2011
- Payment Card Industry/Data Security Standards An Overview February 4, 2011
- Federal Cyber Security and Trusting the Cloud – Data Hosting and Virtualization February 4, 2011
Blogs
- Doing Business With the Intelligence Community
- Cyber Security World
Archive of White Pages
Blogroll
- Defense News Up to Date Defense and Cyber Security News 0
- Doing Business With the Intelligence Community 0
- WordPress Planet 0
Cyber Forensics Links
- EnCase A must have for any computer forensic toolbox. 0
- FTK3 Forensic ToolKit (FTK) provides integrated, easy use forensic software tools and is an accepted standard in law enforcement. 0
Cyber Security Links
- CERT Coordination Center State of the art cyber security studies and reports 1
- CNET Hardware and Software technology and pricing reviews. 0
- Nessus Security scanner to audit a network. Runs on UNIX 0
- Network Security Library Cyber Security papers and information. 0
- TCPdump and WinDump Dump captured tcp traffic on a network to a file. TCPdump is UNIX only and WinDump works for Windows 0
- Unified Cross Domain Management Office (UCDMO) Provide centralized coordination and oversight of all cross domain initiatives across the DoD and the IC 0
- US-CERT – United States Computer Emergency Readiness Team The Official Cyber Security Readiness site of the United States of America 0
Ethical Hacking Links
- Certified Ethical Hacker Obtaining requirements for Certified Ethical Hacker status. 0
Hacking Wireless Networks Links
- cwnp Certified Wireless Network Professional Program 0
Top 10 Security Tools Links
- Cain and Abel Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords. 0
- Hping2 Network Probe Capable of Sending and Receiving Custom TCP and Other Data Packets 0
- John the Ripper John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. 0
- Kismet Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. 0
- Metasploit Advanced Vulnerability Research Tools 0
- NetCat Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. 0
- Nmap Free Security Scanner For Network Exploration & Hacking. 0
- Snort Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. 0
- TCPdump A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. 0
- Wireshark Wireshark is the world’s foremost network protocol analyzer. 0

Whitepaper: Security Architecture and Engineering Post-85% Design

Filed in Cyber Security and Information Assurance on Apr.05, 2010

Summary

The GeoScout Security Engineering and Architecture team has insufficient resources (both in number and capability) to ensure the successful, timely, and well-documented deployment of a secure GIMS. The team’s original placement under SE&A activities constrained its scope to the design phase, whereas the security discipline is required throughout the system development lifecycle. Funding for Security Engineering has been cut drastically as the architecture reaches maturity, yet the Development and IV&T phases have ongoing security needs that now are in jeopardy. Recommendation is to establish a core Security Architecture Team of 6 FTE with specific, well-defined security skill sets to adequately address the myriad continuing security issues on schedule, and establish ‘security liaisons’ within key elements and products to facilitate communication with Subject Matter Experts.

Background

The Security Engineering and Architecture team is responsible for a range of GIMS deliverables and responsibilities. The deliverables include the Security CONOPS, Security Requirements Traceability Matrices, Security Composite View, Data Owner’s Guide, and Security Policy Appendix. Other equally-extensive responsibilities revolve around the mandate to ensure security controls and services are implemented across all 5 program elements and 19 products, as well as in interfaces with external customers, Legacy / Heritage systems, and GIMS-associated ECP, ROM, & RFC.
Following the 50%-DAA event, the Security Architecture and Security Engineering teams together stood at 10 FTE. In addition, an internal-facing Chief Security Architect (1 FTE) addressed security issues at programmatic level, and an external-facing Chief Information Security Officer (1 FTE) coordinated with NGA and Intelligence Community customers. This scope ensured the security presence spanned the depth of the program. Presently, the program Chief Security Architect position has been eliminated, and the post-milestone consolidated Security Engineering and Architecture team has been reduced to 3.5 FTE from 10 FTE. However, the daily workload and program responsibilities of the Security team have not appreciably declined.

Furthermore, the scope of GIMS necessitates a security team with technical expertise in each of several areas: Computer Network Defense, Network Communications and Encryption, Identity Management, Web Services and SOA, Application Security, Platform Security, Data Security, and Security Requirements & Governance. The current FTE levels supporting these activities are insufficient to adequately meet schedule and program requirements. This lack of resources will result in frequent adjustment and re-prioritization of tasks and deliverables to favor each day’s ‘emergency’ issues. Schedules and deliverables will be forced to slip—as is currently happening with work on the Security Policy Appendix—and milestone achievement will be put at risk.

Recommendation

Organize the Security Engineering and Architecture team within the program so that it is not dependent on SE&A funding and can span the System-Development Lifecycle. Expand the size of the team as necessary (6 FTE, minimum) to ensure each technical area is covered by at least one team member (more in critical areas such as Identity Management, Web Services, and Network / Infrastructure Security). Assign one engineer from each program element, and from each product team with critical impact, to be a designated liaison to the Security Architecture team.
Approach: Aspiration Software has prepared an initial integrated work plan that matches existing team requirements with program milestones, ensuring technically-fluent deliverables are produced on schedule and product teams are given expert guidance implementing security controls.

The work plan identifies Security Engineering tasks over the next several months, the FTE required and currently available for each, and the time period over which the work is performed. Detailed work descriptions are listed for each work stream, and benefits of inclusion and risks of exclusion for each are identified to underscore the consequences of not providing critical, required services. The tasks are grouped so that they can be individually selected on a line-item basis, and necessary FTE easily determined to match available funding levels.

Do you like this article?

Subscribe and get the latest

Save this page

Stumble It

Categories

White Papers and Articles

Blogs

Archive of White Pages

Blogroll

Cyber Forensics Links

Cyber Security Links

Ethical Hacking Links

Hacking Wireless Networks Links

Top 10 Security Tools Links