Survivable Network Analysis Method
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2000-TR-013Abstract
Society is increasingly dependent on large-scale, networked information systems of remarkable scope and complexity. This dependency magnifies the far-reaching consequences of system damage from attacks and intrusions. Yet no amount of security can guarantee that systems will not be penetrated. Incorporating survivability capabilities into an organizations systems can mitigate the risks. Survivability is the capability of a system to fulfill its mission in a timely manner despite intrusions, failures, or accidents. The three tenets of survivability are (1) resistance to intrusions, (2) recognition of intrusion effects, and (3) recovery of services despite successful intrusions. The survivability of existing or planned systems can be analyzed at the level of system architectures or requirements. This report describes the Survivable Network Analysis (SNA) method developed at the SEI's CERT Coordination Center. The four-step SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened. The method focuses on preservation of essential system services that support the organizational mission. SNA findings are summarized in a Survivability Map that enumerates current and recommended architectural strategies. SNA has been successfully applied to commercial and governmental systems, and continues to evolve toward increasing rigor in its application.
Cite This Technical Report
Mead, N., Ellison, R., Linger, R., Longstaff, T., & McHugh, J. (2000, September 1). Survivable Network Analysis Method. (Technical Report CMU/SEI-2000-TR-013). Retrieved April 16, 2024, from https://insights.sei.cmu.edu/library/survivable-network-analysis-method/.
@techreport{mead_2000,
author={Mead, Nancy and Ellison, Robert and Linger, Richard and Longstaff, Thomas and McHugh, John},
title={Survivable Network Analysis Method},
month={Sep},
year={2000},
number={CMU/SEI-2000-TR-013},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/survivable-network-analysis-method/},
note={Accessed: 2024-Apr-16}
}
Mead, Nancy, Robert Ellison, Richard Linger, Thomas Longstaff, and John McHugh. "Survivable Network Analysis Method." (CMU/SEI-2000-TR-013). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 2000. https://insights.sei.cmu.edu/library/survivable-network-analysis-method/.
N. Mead, R. Ellison, R. Linger, T. Longstaff, and J. McHugh, "Survivable Network Analysis Method," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2000-TR-013, 1-Sep-2000 [Online]. Available: https://insights.sei.cmu.edu/library/survivable-network-analysis-method/. [Accessed: 16-Apr-2024].
Mead, Nancy, Robert Ellison, Richard Linger, Thomas Longstaff, and John McHugh. "Survivable Network Analysis Method." (Technical Report CMU/SEI-2000-TR-013). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 2000. https://insights.sei.cmu.edu/library/survivable-network-analysis-method/. Accessed 16 Apr. 2024.
Mead, Nancy; Ellison, Robert; Linger, Richard; Longstaff, Thomas; & McHugh, John. Survivable Network Analysis Method. CMU/SEI-2000-TR-013. Software Engineering Institute. 2000. https://insights.sei.cmu.edu/library/survivable-network-analysis-method/