ATTACK SURFACE ANALYSIS: Reduce System and Organizational Risk

Woody, Carol; Ellison, Robert

ATTACK SURFACE ANALYSIS: Reduce System and Organizational Risk

Active / Technical Report | Accesssion Number: AD1110322 |

Open PDF

Abstract:

Much effort is expended implementing security controls and practices to address mandated policy. How-ever, operational experience is showing that these steps are necessary, but not sufficient. The mantra to think like an attacker has been widely bandied by experts and contractors in the field. For those who struggle daily to make technology perform as needed, this advice poses a major challenge. Attacker capabilities are increasing continually. How should one determine and address possible system attacks?

Author(s):

Woody, Carol ; Ellison, Robert ; Woody, Carol ; Ellison, Robert

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

Publication Date:

2020 Jun 01

Pagination:

0

Security Markings

RECORD

Collection: TRECMS

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

No COI(s) Identified

Descriptor(s):

computer programs, code injection, software development, computer programming, cybersecurity, cyberattacks, engineering, supply chain, vulnerability, acquisition, commerce, contractors, failure mode and effect analysis, department of defense, risk, security

Keyword(s):

security controls

Subject Categories:

Mathematical and Computer Sciences

Update Date:

2020 Oct 02