Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks
September 2006 • Technical Note
In this 2006 report, Howard Lipson uses an example to illustrate the critical importance of evolutionary design changes in secure and survivable systems.
Software Engineering Institute
CMU/SEI Report Number
A fundamental truth of system design is that, in the absence of countermeasures, a system's security and survivability will degrade over time. Changes in the environment or usage of a system, or changes to the elements that compose the system, often introduce new or elevated threats that the system was not designed to handle and is ill-prepared to defend itself against. The first step in evolving to meet new threats to your system's security and survivability is to recognize the need to modify your system, that is, to recognize changes in security and survivability risks that trigger the need to enter the evolution phase of the system development life cycle.
It is essential that significant risk management resources be devoted to the ongoing evolution of any mission-critical system. The successful evolutionary design of a secure and survivable system is dependent on the continual monitoring of the system and its environment to detect changes that may affect the risk management assumptions on which the system's security and survivability are founded.