Session

Application of Model-Based System Engineering for Assuring Enterprise Cybersecurity

Researchers at UNCW are working to advance the theory and application of model-based system engineering (MBSE) for the purpose of resolving targeted cybersecurity use cases. The initial use case, or system of interest, that will be covered during the presentation is that of a modern digital enterprise. Within the cybersecurity knowledge domain, enterprise cybersecurity merits special consideration because it typically presents as a large-scale, complex system of digital systems. A simple four-step work process will be presented as a means for developing a risk treatment plan. The four steps are model, analyze, design, and implement. Key in the modeling step is the creation of a novel descriptive enterprise system model (DESM) that serves as an artifact showing how enterprise type, digital strategy, and behavior influence the enterprise's attack surface structure. A DESM artifact is useful for analyzing assets of value, motivated threat actors, and vulnerabilities. A synthesis of the analyses enables creation of a risk register, which is the primary input for designing a risk treatment plan using known risk treatment options and security controls. A plan of action with milestones will show how the risk treatment plan will be implemented. The target outcome for the four-step work process is conversion of the attack surface into a trust boundary at a level sufficient for achieving a defined security objective. The four-step work process will be linked to triple-loop learning, which promotes cyber-defender cognitive skill development and performance improvement. The use case will be presented using a model-based system engineering web application.

Laura Rodgers

Director of Cybersecurity Practice, NC State University
