Course Hero Logo

Lesson 136 systems security engineering see o

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 20 - 23 out of 33 pages.

Lesson 13.6 – Systems Security Engineering (SEE)oIntroductionSystem security is not a new problem.System security is a design problem:
“Providing satisfactory security controls in a computer system isin itself a system design problem.A combination of hardware,software, communications, physical, personnel, andadministrative-procedural safeguards is required forcomprehensive security.In particular, software safeguardsalone are not sufficient.”oSystems Security Engineering (SSE)Systems Security Engineering (SSE) is a specialty discipline ofsystems engineering (SE)with several design considerations:CybersecurityHardware AssuranceAnti-TamperSupply Chain Risk ManagementDefense ExportabilitySecurity Specialties (Industrial Security, Physical Security,Operational Security, etc.)Systems Security Engineering is just another one of many sub-disciplines in systems engineering; just like reliability andmaintainability, requirements, etc…The focus is to ensure that we have considered the threats,vulnerabilities, and risks associated with cyber; along with all the otherconcerns we have as we define, build, operate, and maintain a system.oProgram Protection Plan (PPP)The purpose of the Program Protection Plan (PPP) is to ensure thatprograms adequately protect their technology, components, andinformation throughout the acquisition process during design,development, delivery, and sustainment.The process of preparing a PPP is intended to help program officesconsciously think through what needs to be protected and to develop aplan to provide that protection.Once in place, a PPP should guide program office security measures.It should be updated as threats and vulnerabilities change or are betterunderstood.Program managers will employ systems security engineering practicesand prepare a PPP to guide their efforts and the actions of others tomanage the risks to critical program information and mission-criticalfunctions and components associated with the program.The PPP will be submitted for MDS approval at each milestone review.The PPP is the focal point for documentation of the program protectionanalysis, plans, and implementation within the program forunderstanding and managing the full spectrum (including softwareassurance vulnerabilities and risk based remediation strategies) of theprogram throughout the acquisition life cycle.oKey Components of a Program Protection PlanThere are two main components of a Program Protection Plan (PPP)which include:
Critical Program Information (CPI)Mission-Critical Functions and ComponentsThey are the foundations of a PPP and consist of the technology,components, and information that provide mission-essential capabilityto our defense acquisition programs.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 33 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Spring
Professor
N/A

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture