Menu

About
About

back
Research and Capabilities
Research and Capabilities

back
Publications
Publications

back
News and Events
News and Events

back
- News
- Events
- SEI Bulletin
Education and Outreach
Education and Outreach

back
Careers
Careers

back

Software Engineering Institute | Carnegie Mellon University

Software Engineering Institute | Carnegie Mellon University

SEI Menu
About
Research and Capabilities
Publications
News and Events
- News
- Events
- SEI Bulletin
Education and Outreach
Careers

Home Digital Library Designing Security Into Software-Reliant Systems

Digital Library

Advanced Search

Advanced Search

Keywords Phrases

ISBN

Content Type

Annual Report
Article
Audio
Book Chapter
Book
Brochure
CERT Research Report
Collection
Conference Paper
Curriculum Module

Educational Material
Fact Sheet
Form
Handbook
Maturity Module
Newsletter
Podcast
Poster
Presentation
Security Improvement Module

Software
Special Report
Technical Note
Technical Report
User's Guide
Video
Webinar
White Paper

Subjects

Acquisition Support
Agile
Big Data
CERT/CC
CMMI
CSIRTs
Cloud Computing
Critical Infrastructure Protection
Cyber Risk and Resilience Management
Cyber-Physical Systems
Cybersecurity Engineering
DevOps
Digital Intelligence and Investigation
FloCon
Forensics
Governance
Incident Handling
Incident Management
Insider Threat
MERIT

Malware Analysis
Measurement and Analysis
Network Situational Awareness
OCTAVE
People CMM
Performance and Dependability
Pervasive Mobile Computing
Predictability by Construction
Privacy
Process Improvement
Research Review
Resilience Management Model (RMM)
Risk Assessment
Risk and Opportunity Management
SATURN
SQUARE
Science of Cybersecurity
Secure Coding
Security Training
Service-Oriented Architecture

Smart Grid Maturity Model
Software Architecture
Software Assurance
Software Product Lines
Software Solutions Symposium
Supply Chain Assurance
Survivability Analysis Framework (SAF)
Survivability and Information Assurance (SIA)
System of Systems
TSP
TSP Symposium
Technical Debt
Technical Debt Workshop
Threat
Ultra-Large-Scale Systems
Vulnerability Analysis
Workforce Development

Publication Date

From:

To:

Podcast

Designing Security Into Software-Reliant Systems

June 2015
By Christopher J. Alberts
In this podcast, CERT researcher Christopher Alberts introduces the SERA Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
Cybersecurity EngineeringCybersecurity Engineering
Publisher: Software Engineering Institute

“What we’re trying to do is build security in by modeling risk early in the lifecycle and then explicitly articulating what that risk is and proactively implementing controls to counteract that risk.”
Listen

Loading Podcast.....
Related
Abstract

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems.
Transcript
Audio

About the Speaker

Christopher Alberts is a principal engineer in the CERT Division at the SEI where he leads applied research and development projects in software assurance and cyber security. His research interests include risk analysis, measurement, and assessment. He has also co-authored two books, Managing Information Security Risks: The OCTAVE Approach and the Continuous Risk Management Guidebook.

Ask a question about this Podcast

Find Podcasts on iTunes

SEI Podcast Series on iTunes U

Carnegie Mellon University on iTunes U

Podcast Categories

Acquisition SupportAcquisition Support

Cyber Risk and Resilience ManagementCyber Risk and Resilience Management

Cyber-Physical SystemsCyber-Physical Systems

Cybersecurity EngineeringCybersecurity Engineering

Digital Intelligence and InvestigationDigital Intelligence and Investigation

Incident ManagementIncident Management

Insider ThreatInsider Threat

Malware AnalysisMalware Analysis

Measurement and AnalysisMeasurement and Analysis

Network Situational AwarenessNetwork Situational Awareness

Performance and DependabilityPerformance and Dependability

Pervasive Mobile ComputingPervasive Mobile Computing

Science of CybersecurityScience of Cybersecurity

Secure CodingSecure Coding

Service-Oriented ArchitectureService-Oriented Architecture

Software ArchitectureSoftware Architecture

Software AssuranceSoftware Assurance

Software Product LinesSoftware Product Lines

System of SystemsSystem of Systems

Vulnerability AnalysisVulnerability Analysis

Podcast Series Collections

Agile Adoption in Government Podcast Series

Desktop View

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

Terms of Use | Privacy Statement | Intellectual Property
© 2019 Carnegie Mellon University