Information Security Planning Guide
CCSDS Security WG Spring 2005, Athens, GR
Howard Weiss
NASA/JPL/SPARTA
[email protected] +1-410-872-1515
April 2005

AGENDA
• 11 April 2005
  – 1030-1200: Joint meeting with Space Link Support Area
• 13 April 2005
  – 0900-0915: Welcome, opening remarks, logistics, agenda bashing
  – 0915-0930: Review results of Fall 2004 SecWG meeting in Toulouse Mtg Notes
  – 0930-1000: Security Architecture Document Discussions (Kenny)
  – 1000-1030: coffee break
  – 1030-1200: Security Architecture Document Discussions, cont
  – 1200-1330: Lunch
  – 1330-1415: Anti-Jamming/Spread Spectrum (Olsen)
  – 1415-1500: Final review Threat Document (Weiss)
  – 1500-1530: coffee break
  – 1530-1700: Key management discussion (Kenny)
• 14 April 2005
  – 0900-0930: Information Security Planning Guide (all)
  – 0930-1000: Security Policy Framework (all)
  – 1000-1030: break
  – 1030-1200: Crypto and Authentication Standards (Weiss)

What is This?
• Last seriously discussed in Fall 2003 meeting
  – Security Guide for the mission planner
• A guide to mission planners beyond the Security Green Book and Threat Document
  – Cookbook containing the essence of both the Green Book and the Threat Book?
“Security for Dummies”

What Might It Contain?
• Sections might include:
  – Project mission roles and responsibilities
  – Security overview (a la Green Book)
  – Threat/risk analysis
  – Risk mitigation
  – Security planning (a la Security Architecture document)
  – Security mechanisms (a la Green Book)
  – Contingency and disaster mitigation
  – Etc.

Other Alternatives
• ISO 15408: Common Criteria for Information Technology Security Evaluation
  – Protection Profiles (PP) are produced as security “acquisition” documents
    » Collection of system security requirements that the system “user” wants to purchase
  – Security Targets (ST) are produced by vendors to describe the security characteristics of their system.
• Use the CC as the basis for describing the mission security requirements?
  – Use the existing CCToolbox?
  – Extend/modify the CCToolbox for space environments?

CCToolbox
• SPARTA-developed for US National Information Assurance Partnership (NIAP)
• Freely available (although no longer supported)
  – Written in Java
  – ftp://ftp.sparta.com/pub/columbia/cctb.zip
• “Interviews” the PP or ST developer to walk the developer through the myriad mess of the CC.
  – Akin to TurboTax, which walks folks in the US through their income tax preparation

CCToolbox Demo
• CCToolbox Start

Discussion Results