Accession Number:

ADA503524

Title:

Defense Graphs and Enterprise Architecture for Information Assurance Analysis

Descriptive Note:

Conference paper

Corporate Author:

ROYAL INST OF TECH STOCKHOLM (SWEDEN)

Report Date:

2008-12-01

Pagination or Media Count:

9.0

Abstract:

The JQRR metrics for Information Assurance IA and Computer Network Defense CND are combined with a framework based on defense graphs. This enables the use of architectural models for rational decision making, based on the mathematical rigor of extended influence diagrams. A sample abstract model is provided, along with a simple example of its usage to assess access control vulnerability. With the advent of Network Centric Warfare, Information Assurance IA is becoming ever more important to the success of military operations. Reliable and secure IT systems are vital to ensure success on the battlefield, and precisely because of this, they also become the focus of adversarial attention. IA, however, is a complicated function of many different concepts such as technical countermeasures, organizational policies, security procedures, and more. Measuring the level of IA, therefore, is a non-trivial exercise making rational decisions and prioritizations about the use of scarce resources is ever more so. To efficiently protect computer networks and the information stored in them, combatant commanders and combat support agencies need to be able to assess the current security level of their IT systems as well as the security level after improvements. An example of a framework for such assessment is the Information Assurance IA and Computer Network Defense CND Joint Quarterly Readiness Review JQRR Metrics, which provides six different categories of metrics, used for readiness assessments of US forces 1. Personnel, 2. Training, 3. Operations, 4. Technology equipment, 5. Supporting Infrastructure, and 6. Intelligence.

Subject Categories:

  • Information Science
  • Computer Systems
  • Test Facilities, Equipment and Methods
  • Military Operations, Strategy and Tactics
  • Command, Control and Communications Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE