search menu icon-carat-right cmu-wordmark

Designing Security Into Software-Reliant Systems

June 2015 Podcast
Christopher J. Alberts

In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.

What we’re trying to do is build security in by modeling risk early in the lifecycle and then explicitly articulating what that risk is and proactively implementing controls to counteract that risk.

Publisher:

Software Engineering Institute

Listen

Abstract

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems.

About the Speaker

Christopher J. Alberts

Christopher J. Alberts

Christopher Alberts is a principal engineer in the CERT Division at the SEI where he leads applied research and development projects in software assurance and cyber security. ...
Christopher Alberts is a principal engineer in the CERT Division at the SEI where he leads applied research and development projects in software assurance and cyber security. His research interests include risk analysis, measurement, and assessment. He has also co-authored two books, Managing Information Security Risks: The OCTAVE Approach and the Continuous Risk Management Guidebook.

Read more