OMG Technical Meeting - March 2013
Presentation to UPDM Group Security View
Agenda
• Introduction
  – Presentation Objectives
  – Background
• Overview
• Security View Details
• Next Steps
• Q&A
Presentation Objectives
• Introduce DRAFT Security View
• For each sub-view:
  – Purpose, Description, Concepts
  – Conceptual Architecture & Deliverables
  – Sample attribution template
• Convey essence and flow of security lifecycle
• Our road ahead for SecV
Background
Drivers
• “Security at the front” not as an afterthought
• Information & IT Security Capability
  – confidentiality, integrity, availability, non-repudiation, and auditability
  – of defence information and the supporting systems and networks.
• Pan-enterprise Security
• Pan-enterprise Security
Background
Collaborators
• Security is “special”
  – normally involves Specialists
  – has unique perspectives
• IM & IT Security at the forefront
• Key Collaborators:
  – IM & IT Security (D IM Secur)
  – IT Engineering & Integration (DIMEI)
Background
Outcome
• Redesign and partitioning of SecV-1 into 1a and 1b
• No change to existing SecV-2 and 3
• Discovery of new business requirements leading to SecV-4, 5, 6 & 7
Overview
Draft Sub-views
SecV-1a: Asset Security Domain & Valuation Rating
SecV-1b: Asset-at-Node Security Strength Requirement
SecV-2: Data Element Security Matrix
SecV-3: Aggregated Information Security Matrix
SecV-4: Security Control Specification
SecV-5: Security Control Profile
SecV-6: Security Control Service Profile
SecV-7: Asset-At-Node Threat Mitigation
Security Methodology (1/1)
• SecV-1a: Asset Security Domain & Valuation Rating
  – Conduct Asset Sensitivity; Assign Security Domain & Valuation Rating
  – Asset Classification and Valuations Lists
• SecV-1b: Asset-at-Node Security Strength Requirement
  – Conduct TRA; Assign Security Strength Requirement
  – TRA Results and Security Strength Requirements
• SecV-2: Data Element Security Matrix
  – Assess IERs and SDEs; Assign Security Classification
  – Resource Flow & IER & SDE Assessments
• SecV-3: Aggregated Information Security Matrix
  – Register Classified Data Element Combinations
  – Data Element Combinations Risk Register
Security Methodology (2/2)
• SecV-4: Security Control Specification
  – Define Security Controls (CSEC & DND)
  – Security Control Taxonomy
• SecV-5: Security Control Profile
  – Establish Security Control Profile for Asset (FoS) & Asset-at-Node
  – Security Control Profile for Asset & Asset-at-Node
• SecV-6: Security Control Service Profile
  – Define Security Services; Establish Security Control Service Profile
  – Security Service Taxonomy & Service Profiles
• SecV-7: Asset-at-Node Threat Mitigation
  – Establish Security Services to address Asset-at-Node Security Needs
  – Asset-at-Node Threat Mitigation Specification
SecV-1a Purpose
SecV-1a: Asset Security Domain and Valuation Rating
• The Asset (typically a member at some level of abstraction within the Asset FoS – Family of Systems) would undergo an Asset Sensitivity Analysis; the resulting Statement of Sensitivity is described and referenced in SecV-1a.
• Based on the sensitivity analysis, the Security Officer determines and assigns a Security Domain to the Asset.
• The DND Security Officer is also able to assign a Valuation Rating (Very Low to Very High) to the Asset.
Asset within FoS Structure
Asset
Materiel, System, Personnel, Cash
Weapons, IT System (e.g. SAP), Communications
SAP Sub-System A/R, SAP Sub-System G/L, SAP Sub-System Payroll
SAP Application Module G/L 01, SAP Application Module G/L 02, SAP Application Module 03
Security Classification Taxonomy
Security Domain (e.g.)
• UNCLASSIFIED
• PROTECTED A
• PROTECTED B
• PROTECTED C
• CONFIDENTIAL
• SECRET
• TOP SECRET
• …
Security Caveat (e.g.)
• CANUK
• NATO
• AUSCANNZUKUS
• CANUS
• FOUR EYES
• FIVE EYES
• …
SecV-1a Conceptual Model
Entities: Asset (FoS), Asset Statement of Sensitivity, Security Domain, Valuation Rating
Resource Sub Types (INCLUDES): Cash, Real Property, Information, Equipment, Personnel, Systems
Relationship labels: Determines, Recommends, Results in, Classifies, Values
SecV-1a Attribution Template
Example: Data Collection Dialog for Asset Valuation and Security Classification
SecV-1b Purpose
SecV-1b: Asset-At-Node Security Strength Requirement
• The logical Asset
  – classified & valued via SecV-1a
  – “deployed” (assigned) to a Node (OV-2)
  – now referred to as Asset-At-Node
  – initiates a Threat Risk Assessment (TRA).
• SecV-1b enables the capture of relevant information from the TRA, including links to threats, vulnerabilities, impacts, and control objectives.
• The TRA enables the DND Security Officer to assign a Security Strength Requirement Rating to the Asset at Node.
SecV-1b Conceptual Model
Entities: Asset, Node, Operational Node (Refer OV-2), Asset-at-Node, Threat Risk Assessment (TRA), Security Control Objectives
Relationship labels: Assigned to, Assignment of Asset to Node, Initiates, Recommends, Determines
Security Strength Requirement Matrix (axes: Exposure, Impact):
3 3 4 4 4 5 5 5
3 3 4 4 4 5 5 5
3 3 3 3 3 4 4 4
2 2 2 2 2 4 4 4
1 1 1 1 2 3 3 3
1 1 1 1 2 2 3 3
SecV-1b Attribution Template
Example: Data Collection Dialog for Asset@Node TRA and Security Strength Requirement
SecV-2 Purpose
SecV-2 – Data Element Security Matrix
• The OV-3 and SV-6 sub-views require that the security parameters of each Information Exchange Requirement (IER) and System Data Exchange (SDE) be analyzed and documented.
• The security classification of an IER or SDE is based on the fact that it contains one or more data elements of that security level.
• SecV-2 enables the security classification and requirements of the set of data elements that comprise the IER or SDE.
• Covers both privacy and national security issues.
SecV-2 Data Model (DADM)
Entities: DATA-ATTRIBUTE, SECURITY-CLASSIFICATION, CAVEATED-SECURITY-CLASSIFICATION, CAVEAT, SYSTEM-EXCHANGE
Relationship labels: uses / is used by; is for / has; classifies / is classified by; restricts / is restricted by
SecV-3 Purpose
SecV-3 – Aggregated Information Security Matrix
• Aggregation of Data can result in higher classified Information
• Registration of Data Element Combinations
• Potential for security issues is captured
• “Some analysis required”
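An added example, not part of the presentation: a sketch of the SecV-2 rule (an IER or SDE takes the level of its highest data element) combined with a SecV-3 style register of data element combinations. Treating the Security Domain examples as one ordered scale, and all element names and the register entry, are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the Security Domain examples from the taxonomy slide are treated
# as a single scale, lowest to highest, purely for this illustration.
LEVELS = ["UNCLASSIFIED", "PROTECTED A", "PROTECTED B", "PROTECTED C",
          "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class AggregateRule:
    """One registered data element combination (hypothetical register entry)."""
    elements: frozenset
    classification: str
    note: str


def element_level(exchange, catalogue):
    """SecV-2 rule: highest classification among the data elements carried."""
    unknown = [e for e in exchange if e not in catalogue]
    if unknown:
        # Fail closed: an element with no recorded classification blocks the result.
        raise KeyError(f"unclassified data elements: {unknown}")
    return max((catalogue[e] for e in exchange),
               key=RANK.__getitem__, default=LEVELS[0])


def classify_exchange(exchange, catalogue, register):
    """Return (classification, triggered rules) for one IER or SDE."""
    level = element_level(exchange, catalogue)
    # SecV-3: a registered combination fully present in the exchange may raise the level.
    hits = [r for r in register if r.elements <= set(exchange)]
    for rule in hits:
        if RANK[rule.classification] > RANK[level]:
            level = rule.classification
    return level, hits


# Constructed sample data, not taken from the presentation.
CATALOGUE = {"unit_name": "UNCLASSIFIED", "movement_date": "PROTECTED A",
             "unit_location": "PROTECTED B", "cargo_manifest": "CONFIDENTIAL"}
REGISTER = [AggregateRule(
    frozenset({"unit_name", "unit_location", "movement_date"}),
    "SECRET", "who + where + when together reveal an operation")]

if __name__ == "__main__":
    for ier in (["unit_name", "movement_date"],
                ["unit_name", "unit_location", "movement_date"]):
        level, hits = classify_exchange(ier, CATALOGUE, REGISTER)
        print(ier, "->", level, [r.note for r in hits])
```
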
SecV-3 Data Model (DADM)
Entities: INFORMATION-AGGREGATE, CAVEATED-SECURITY-CLASSIFICATION, SECURITY-CLASSIFICATION, CAVEAT, AGGREGATE-TYPE, DATA-ATTRIBUTE
Relationship labels: classifies / is classified by; is for / has; restricts / is restricted by; applies to / has
SecV-4 Purpose
SecV-4 Security Control Specification
• SecV-4 enables definition and maintenance of Security Controls in a taxonomy
• Security Controls
  – reusable objects that can be shared
  – and associated to Assets;
• Allows Security Control XREF to policies, legislation and regulations, standards, other knowledge artifacts, e.g.:
  – ITSG 33 Annex 3 (CSEC)
  – NIST 800-53 Rev 3
SecV-4 Conceptual Model
Security Control Class (INCLUDES: Management, Technical, Operational)
Security Control Family (For Example: Access Control, Awareness and Training, Personnel Security)
Security Control (For Example: AC 17 – Remote Access)
XREF links to Knowledge Artifacts in Corporate Memory, Web or elsewhere
Relationship labels: Organizes, Comprises, Links
SecV-4 Attribution Template
Example: Data Collection Dialog for Security Control Specification
SecV-5 Purpose
SecV-5: Security Control Profile
• SecV-5 enables the association of Security Controls that are applicable to an Asset (FoS).
  – This is referred to as the Asset Security Control Profile.
• SecV-5 further allows the Security Officer to create and maintain a similar Profile for the Asset-At-Node;
  – The Asset-at-Node would automatically inherit (as default) the Asset Security Control Profile as a starting point.
  – The end result is titled the Asset-At-Node Security Control Profile.
SecV-5 Conceptual Model
Entities: Security Control, Asset Security Control Profile, Asset (FoS), Asset-At-Node Security Control Profile, Asset, Node
Relationship labels: Refers, Selects, Deployed to, Identifies, Requires
SecV-5 Attribution Template
Example: Data Collection Dialog for Security Control Profile
SecV-6 Purpose
SecV-6: Security Control Service Profile
• SecV-6 does two distinct things:
  – enables the specification and maintenance of the Security Service
  – links a subset of Security Services to a Security Control; this is referred to as the Security Control Service Profile.
• Security Services
  – reusable security mitigation mechanisms.
  – can be automated or manual
  – automated security services can be further defined in terms of their hardware and software components.
SecV-6 Conceptual Model (1/2)
Entities: Security Service, Automated Security Service, Non-Automated Security Service, Security Service Software Component, Security Service Hardware Component
Relationship labels: Sub-Type, Comprises
SecV-6(1) Attribution Template
Example: Data Collection Dialog for Security Service Specification
SecV-6 Conceptual Model (2/2)
Entities: Security Service, Security Control Service Profile, Security Control (SecV-4)
Relationship labels: Mitigated By, Manages
SecV-6(2) Attribution Template
Example: Data Collection Dialog for Security Control Service Profile
SecV-7 Purpose
SecV-7: Asset-At-Node Threat Mitigation
• SecV-7 enables creation and maintenance of an Asset-At-Node Threat Mitigation Package:
– comprises a subset of Security Services needed by the Security Controls to protect the Asset-at-Node.
– Selection is influenced by the Strength Requirement Rating
SecV-7 Conceptual Model
Entities: Asset-at-Node Threat Mitigation Package, Security Service, Security Control Service Profile, Asset-At-Node Security Control Profile, Security Control, Mitigation Security Control Service, Asset, Node, Asset-At-Node Security Strength Requirement
Cross-references: Refer SecV-1b, Refer SecV-4, Refer SecV-5, Refer SecV-6
Relationship labels: Selects, Requires, Influences, Comprises
SecV-7 Attribution Template
Example: Data Collection Dialog for Threat Mitigation Package
Asset-At-Node Mitigation Lifecycle
Entities: Asset, Node, TRA, Security Control, Security Control Objectives, Asset-at-Node Security Control Profile, Security Control Service, Security Control Service Profile, Asset-At-Node Security Strength Requirement, Asset-at-Node Threat Mitigation Pkg
Cross-references: Refer SecV-1a, Refer SecV-1b, Refer SecV-4, Refer SecV-5, Refer SecV-6 (1), Refer SecV-6 (2), Refer SecV-7
Relationship labels: Deployed to, Mitigated By, Influences, Required by, has, Establishes, Determines
Road Ahead
• Theoretical product, at this point
• Much work remains
  – ensure responsive to needs
  – Confirm concepts are valid, not redundant
• Validation effort initiated
• Update at next meeting in June.
Security View Road Map
Timeline chart covering 2012 to 2014, with markers: Today, 15 Mar, IOC, FOC
ACTIVITY
• Preliminary Development Work
• Presentation of Draft to OMG
• Testing and validation
• Finalize Security Views
• Presentation of Final to OMG
• Implement SecV in Qualiware
• Publish SecV in DNDAF
Q&A
• Looking for Feedback and Encouraging Wider Collaboration
• Contacts: [email protected]
  – EA Programme Support: (613) 993-6164
  – EA Development: (613) 990-8341
SecV-1a Class Diagram
SecV-1b Class Diagram
SecV-2 Class Diagram
SecV-3 Class Diagram
SecV-4 Class Diagram
SecV-5 Class Diagram
SecV-6 Class Diagram
SecV-7 Class Diagram