•  Understand System Security Engineering processes in the development of systems.
• Evaluate the security design of systems using security engineering processes and principles.
• Develop system designs that embed security functions and provide adequate protection to system functions.
• Analyze system security risk within the context of system operations and organizational risk tolerance.
• Understand NIST SP800-160 System Security Engineering Framework, and Engineering secure systems with ISO 26702, ISO 21827 and 27001

• Problem related to information security
• What is system engineering?
• What is system security engineering?
• System Security Engineering Processes
• Design For Security
• Security risk assessment and management
• The Systems Security Engineering Capability Maturity Model (ISO 21827)
• NIST SP800-160 System Security Engineering Framework
• System Security Engineering Assistant Tools

• How does management establish and track an information security program when:
• Current system security strategies are inadequate, and it lacks proper security engineering implementation within organization
• That impacts the organization costly, and systems fail to be certified and accredited. As systems have grown more complex and adversaries in cyberspace continue to successfully exploit numerous vulnerabilities, the need for improved secure system engineering has become acute.
• Risks are real
• Risks are nearly infinite
• The information environment is highly dynamic
• Resources are finite

• The protection of information and its critical elements, including systems, software, and hardware that use, store, and transmit that information
• Necessary tools: risk management, policy, awareness, training, education, technology
• I.A. triangle was standard based on confidentiality, integrity, and availability
• I.A. triangle now expanded into list of critical characteristics of information

• Confidentiality
  • Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network.

• Integrity
  • Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data.

• Availability
  • Availability means that people who are authorized to use information are not prevented from doing so

• Systems Engineering (SE) is the engineering discipline that focuses on integrating all the key elements of a system into one overall system and managing it throughout its lifecycle.
• “Systems engineering is an interdisciplinary engineering management process that evolves and verifies an integrated, life-cycle balanced set of system solutions that satisfy customer needs.” (DoD).
• Systems Engineering integrates all the disciplines and specialty groups into a team effort forming a structured development process that proceeds from concept to production to operation. Systems Engineering considers both the business and the technical needs of all customers with the goal of providing a quality product that meets the user needs(INCOS).

• Description: The concept of Systems Security Engineering is to serve the organization to ensure that the security requirements of systems are met under advanced adversarial attack.
• System Security Engineering (SSE) is an element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities [DoD 5200.44].

• The focus of the Systems Security Engineering discipline is:
• tools,
• processes, and
• methods
• needed to
• design,
• implement, and
• test
• complete systems, and to adapt existing systems as their environment evolves.

• Secure Process
  • Set of activities performed to develop, maintain, and deliver a secure software solution
  • Activities could be concurrent or iterative
• Process model
  • provides a reference set of best practices that can be used for both
    • process improvement and process assessment.
  • defines the characteristics of processes
  • usually has an architecture or a structure

• survey of existing processes, process models, and standards seems to identify the following four SDLC focus areas for secure system development
  • Security Engineering Activities
  • Security Assurance
  • Security Organizational and Project Management Activities
  • Security Risk Identification and Management Activities

• Security Engineering Activities
  • activities needed to engineer a secure solution.

security requirements elicitation and definition,

secure design based on design principles for security,

use of static analysis tools,

reviews and inspections, security testing, etc..

• Security Assurance Activities

verification, validation, expert review,

artifact review, and evaluations.

• Security Organizational and Project Management Activities
  • Organizational management
    • rganizational policies, senior management sponsorship and oversight, establishing organizational roles, ….
  • Project management
    • project planning and tracking,
    • resource allocation and usage
• Security Risk Identification and Management Activities
  • Cost-based Risk analysis
  • Risk mitigation ..

• CMM
  • Provides reference model of mature practices
  • Helps identify the potential areas of improvement
  • Provides goal-level definition for and key attributes for specific processes
  • Systems Security Engineering Capability Maturity Model (SSE-CMM)
    • Specifically to develop secure systems

• The SSE-CMM
  • improve and assess the security engineering capability of an organization
  • provides a comprehensive framework for
    • evaluating security engineering practices against the generally accepted security engineering principles.
  • provides a way to
    • measure and improve performance in the application of security engineering principles.

• Purpose for SSE-CMM
  • fill the lack of a comprehensive framework for evaluating security engineering practices against the principles
• The SSE-CMM also
  • describes the essential characteristics of an organization’s security engineering processes.

• The SSE-CMM is now ISO/IEC 21827 standard

• Architectural design - how do architectural design decisions affect the security of a system?
• Good practice - what is accepted good practice when designing secure systems?
• Design for deployment - what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use?

• Protection
  • How should the system be organized so that critical assets can be protected against external attack?
• Distribution
  • How should system assets be distributed so that the effects of a successful attack are minimized?
• Potentially conflicting
  • assets are distributed, then they are more expensive to protect.

• Platform-level protection
• Application-level protection
• Record-level protection

• Design guidelines encapsulate good practice in secure systems design
• Design guidelines serve two purposes:
  • They raise awareness of security issues in a software engineering team.
  • They can be used as the basis of a review checklist that is applied during the system validation process.

• Base security decisions on an explicit security policy
• Avoid a single point of failure
• Fail securely
• Balance security and usability
• aware of the possibilities of social engineering

• Use redundancy and diversity to reduce risk
• Validate all inputs
• Compartmentalize your assets
• Design for deployment
• Design for recoverability

• Resistance
  • Avoiding problems by building capabilities into the system to resist attacks
• Recognition
  • Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage
• Recovery
  • Tolerating problems by building capabilities into the system to deliver services whilst under attack

• NIST Special Publication 800-160 is the flagship publication in a series of planned systems security engineering publications.
• The series of 800-160 publications will include several important systems security engineering topics, for example: hardware security and assurance; software security and assurance; and system resiliency.
• Each topic will be addressed in the context of the system life cycle processes contained in ISO/IEC/IEEE 15288 and the security related activities and tasks that are described in SP 800-160.

• Systems security engineering, as an integral part of systems engineering, helps to ensure that the appropriate security principles, concepts, methods, and practices are applied during the system life cycle to achieve stakeholder objectives for the protection of assets—across all forms of adversity characterized as disruptions, hazards, and threats.
• also helps to reduce system defects that can lead to security vulnerability and as a result, reduces the susceptibility of the system to adversity

• Systems security engineering leverages many security specialties and focus areas that contribute to systems security engineering activities and tasks. These security specialties and focus areas include, for example: computer security; communications security; transmission security; antitamper protection; electronic emissions security; physical security; information, software, and hardware assurance; and technology specialties such as biometrics and cryptography.

• Engineering the security functions that provide system security capability
• Engineering the security-driven constraints for all system functions; and
• Engineering and advising for the protection of data, information, technology, methods, and assets associated with the system throughout its life cycle.
• These roles require a systems security engineering presence in all systems engineering activities in order to establish a multidisciplinary security and specialty approach to engineering—resulting in sustainably trustworthy secure systems throughout the system life cycle.

• The systems security engineering framework emphasizes an integrated, holistic security perspective across all stages of the system life cycle and is applied to satisfy the milestone objectives of each life cycle stage.
• The figure provides an overview of the systems security engineering framework and its key components.
• The framework defines three contexts within which the systems security engineering activities are conducted. These are the problem context, the solution context, and the trustworthiness context. Establishing the three contexts helps to ensure that the engineering of a system is driven by a sufficiently complete understanding of the problem articulated in a set of stakeholder security objectives that reflect protection needs and security concerns

• The problem context defines the basis for an acceptably and adequately secure system given the stakeholder’s mission, capability, performance needs and concerns; the constraints imposed by stakeholder concerns related to cost, schedule, risk and loss tolerance; and other constraints associated with life cycle concepts for the system
• The problem context includes:
• Determining life cycle security concepts
• Defining security objectives;
• Defining security requirements; and
• Determining measures of success.

• The solution context transforms the stakeholder security requirements into design requirements for the system; addresses all security architecture, design, and related aspects necessary to realize a system that satisfies those requirements; and produces sufficient evidence to demonstrate that those requirements have been satisfied.
• The system security protection strategy is consistent with the overall concept of secure function. The concept of secure function, defined during the problem context, constitutes a strategy for a proactive and reactive protection capability throughout the system life cycle.
• The Solution Context includes:
• Defining the security aspects of the solution
• Realizing the security aspects of the solution; and
• Producing evidence for the security aspects of the solution.

• The trustworthiness context is a decision-making context that provides an evidence-based demonstration, through reasoning, that the system-of-interest is deemed trustworthy based upon a set of claims derived from security objectives.
• The trustworthiness context consists of:
• Developing and maintaining the assurance case; and
• Demonstrating that the assurance case is satisfied.

• describes the security considerations and contributions to system life cycle processes to produce the security outcomes that are necessary to achieve trustworthy secure systems.
• The security considerations and contributions are provided as systems security engineering activities and tasks and they are aligned with and developed as security extensions to the system life cycle processes in ISO/IEC/IEEE 15288, Systems and software engineering – System life cycle processes.

• Each of the system life cycle processes contains a set of system security activities and tasks that produce a set of security-oriented outcomes.
• These outcomes combine to deliver a system and a corresponding body of evidence that serves as the basis to substantiate the security and the trustworthiness of the system.
• Each life cycle process description has the following format:
• Purpose: The purpose section identifies the primary goals and objectives of the process and provides a summary of the security-focused activities conducted during the process.
• Outcomes: The outcomes section describes the security-focused outcomes achieved by the completion of the process and the data generated by the process.
• Activities and Tasks: The activities and tasks section provides a description of the security oriented work performed during the process including the security-focused enhancements to the activities and tasks.

• The following naming convention is established for the system life cycle processes. Each process is identified by a two-character designation (e.g., BA is the official designation for the Business or Mission Analysis process). The Table provides a listing of the system life cycle processes and their associated two-character designators.

• Systems that possess
• resilient,
• trustworthy,
• system-level protections
• sufficient to enable achievement of mission/business objectives
• within performance parameters and risk tolerance

• System Security Engineering Assistant (S2EA) is a modelling tool that supports system engineers to adopt and deploy security mechanisms proactively by-design. S2EA follows a UML model-based paradigm and establishes a controlled and supervised modelling framework to support system engineers to create their system architectures and to integrate appropriate security mechanisms into them while ensuring design integrity.
• System Security Engineering Assistant (i85693.wixsite.com)

• Top 10 Vulnerability Scanners
• http://sectools.org/tag/vuln-scanners/
• Top 10 Web Vulnerability Scanners
• http://sectools.org/tag/web-scanners/
• Top 15 Security/Hacking Tools & Utilities
• http://www.darknet.org.uk/2006/04/top-15-securityhacking-tools-utilities/
• Top 125 Network Security Tools
• http://sectools.org/
• More Information about Tools, please visit my blog
• http://Msharbaf.wordpress.com

• [ISO/IEC 21827] International Organization for Standardization/International Electrotechnical Commission/Institute Information technology -- Security techniques -- Systems Security Engineering -- Capability Maturity Model, 2008
• [ISO/IEC/IEEE 15288] International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers (ISO/IEC/IEEE) 15288:2015, Systems and software engineering — Systems life cycle processes, May 2015.
• [ISO/IEC 15026-3] International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 15026-3:2015, Systems and software engineering -- Systems and software assurance -- Part 3: System integrity levels, November 2015.
• [ISO/IEC 27001] International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements, September 2013.
• Federal Information Security Modernization Act of 2014, (P.L. 113- 283, Title II), December 18, 2014.
• Department of Defense (DoD) Directive 8140.01, Cyberspace Workforce Management, August 2015.
• Committee on National Security Systems Instruction (CNSSI) No. 4009, Committee on National Security Systems (CNSS) Glossary, April 2015.
• System Engineering Handbook—A Guide for System Engineering Life Cycle Processes and Activities, International Council On Systems Engineering TP-2003-002-04, 4th Edition, July 2015.
• Madni and S. Jackson, Towards a Conceptual Framework for Resilience Engineering, IEEE Systems Journal, Vol. 3, No. 2, June 2009.
• NIST-[SP-800-160], Vol. 2, R. Ross, R. Graubart, D. Bodeau, R. McQuaid, Systems security engineering: Cyber resiliency considerations for the engineering of trustworthy secure systems, vol. 2, 2018.
• NIST-[SP 800-160], Vol. 1,R. Ross, R. Michael Mcevilley, Janet Carrier Oren, Systems security engineering, vol. 1, 2016
• NIST-[SP 800-37] National Institute of Standards and Technology Special Publication (SP) 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010 (updated June 5, 2014).
• 800-53A] National Institute of Standards and Technology Special Publication (SP) 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, December 2014 (updated December 18, 2014).
• McEvilley, Towards a Notional Framework for Systems Security Engineering, The MITRE Corporation, NDIA 18th Annual Systems Engineering Conference, October 2015.
• Ross, Security Engineering: A Guide to Building Dependable Distributed Systems, Publisher: John Wiley & Sons, 2008.
• Carol C. Woody and Nancy R. Mead, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, publisher Addison-Wesley, 2017
• Stuart Jacobs, Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance, publisher IEEE Press/Wiley, 2016
• Daniel Mellado a, Carlos Blanco b, Luis E. Sánchez c, Eduardo Fernández-Medina, A systematic review of security requirements engineering, Elsevier, Computer Standards & Interfaces 32(4):153-165 · June 2010.
• Ian Alston , Simon Campbell, Selex Galileo Ltd, A Systems Engineering Approach For Security System Design, IEEE 2010 International Conference on Emerging Security Technologies.
• Jennier L. Bayuk, Systems Security Engineering, IEEE Security & Privacy Journal, March/April 2011, pp. 72-74, vol. 9.