Thursday, May 13, 2010
Time: 1:00 PM – 2:00 PM EDT
Many organizations are associated with producing, using, or funding technologies, practices, and policies purported to address assurance—a justified level of confidence that systems (and systems of systems) will function as intended within their operational environments. Understanding the value these solutions provide to assurance is often indirect and unclear. Where are the critical gaps in available technologies and practices? Where should resources be invested to gain the most benefit? To accelerate the formation and adoption of solutions, a more systematic approach is needed to model the assurance landscape.
The SEI is developing a way to model key aspects of assurance to accelerate the adoption of assurance solutions within operational settings for the Department of Defense and other government organizations. SEI researchers have developed an Assurance Modeling Framework to build a profile for an assurance capability area such as vulnerability management within an assurance quality such as security. The profile consists of multiple views developed using selected methods and models. From the analysis of these views, inefficiencies and candidate improvements for assurance adoption can be identified. This presentation describes the framework, a pilot of the framework, and selected insights gained from applying the framework.
About the Speakers
Using over 25 years of experience in software development and project management spanning mainframe, client-server, and Web environments in higher education, banking, government, and manufacturing, Carol Woody is leading projects at the SEI to improve management strategies to address security, survivability, and reliability in the development and operational support of complex software and systems. Carol is a member of the Risk Assessment Working Group established by the EDUCAUSE/Internet2 Security Task Force. She was a developer and currently teaches the OCTAVE methodology, an operational security risk methodology created by SEI. She is a distinguished speaker for IEEE. Carol holds a B.S. in mathematics from the College of William and Mary, an M.B.A with distinction from Wake Forest University, and a PhD in Information Systems from Nova Southeastern University.