Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

Introduction to the Security Engineering Risk Analysis (SERA) Framework

  • Abstract

    Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). This report introduces the Security Engineering Risk Analysis (SERA) Framework, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems. This report describes the SERA Framework and provides examples of pilot results.

  • Download

Cite This Report

SEI

Alberts, Christopher; Woody, Carol; & Dorofee, Audrey. Introduction to the Security Engineering Risk Analysis (SERA) Framework. CMU/SEI-2014-TN-025. Software Engineering Institute, Carnegie Mellon University. 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321

IEEE

Alberts. Christopher, Woody. Carol, and Dorofee. Audrey, "Introduction to the Security Engineering Risk Analysis (SERA) Framework," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2014-TN-025, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321

APA

Alberts, Christopher., Woody, Carol., & Dorofee, Audrey. (2014). Introduction to the Security Engineering Risk Analysis (SERA) Framework (CMU/SEI-2014-TN-025). Retrieved November 22, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321

CHI

Christopher Alberts, Carol Woody, & Audrey Dorofee. Introduction to the Security Engineering Risk Analysis (SERA) Framework (CMU/SEI-2014-TN-025). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321

MLA

Alberts, Christopher., Woody, Carol., & Dorofee, Audrey. 2014. Introduction to the Security Engineering Risk Analysis (SERA) Framework (Technical Report CMU/SEI-2014-TN-025). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321

BibTex

@techreport{AlbertsIntroductionto2014,
title={Introduction to the Security Engineering Risk Analysis (SERA) Framework},
author={Christopher Alberts and Carol Woody and Audrey Dorofee},
year={2014},
number={CMU/SEI-2014-TN-025},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=427321} }