Issue No. 06 - November-December (2004 vol. 2)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2004.109
Shelby Evans, BBN
David Heinbuch, APL
Elizabeth Kyule, APL
John Piorkowski, APL
James Wallner, CDA
Government and industry increasingly rely on modern information systems (IS) for mission successes. But their critical IS must survive in hostile environments; thus, mission owners need systems security engineers to build systems that are secure against real-world attacks but not over-engineered against a particular one. By understanding which attacks are most likely and which risks are most serious, mission owners can make cost-effective countermeasures decisions. We describe a systems security-engineering methodology for enumerating system attacks, assessing risks, and choosing countermeasures that best mitigate the risks.
Mordor, security systems, attack intentions, profiles, threat assessment
J. Piorkowski, E. Kyule, D. Heinbuch, J. Wallner and S. Evans, "Risk-based Systems Security Engineering: Stopping Attacks with Intention," in IEEE Security & Privacy, vol. 2, no. 6, pp. 59-62, 2004.