
OMG Technical Meeting - March 2013

Presentation to UPDM Group


Security View
Agenda

Introduction
Presentation Objectives
Background
Overview
Security View Details
Next Steps
Q&A
Presentation Objectives

Introduce DRAFT Security View

For each sub-view:
  Purpose, Description, Concepts
  Conceptual Architecture & Deliverables
  Sample attribution template
Convey essence and flow of security lifecycle
Our road ahead for SecV
Background

Drivers
Security at the front, not as an afterthought
Information & IT Security Capability
  confidentiality, integrity, availability, non-repudiation, and audit-ability of defence information and the supporting systems and networks.
Pan-enterprise Security
Background

Collaborators
Security is special
normally involves Specialists
has unique perspectives
IM & IT Security at the forefront
Key Collaborators:
IM & IT Security (D IM Secur)
IT Engineering & Integration (DIMEI)
Background

Outcome
Redesign and partitioning of SecV-1 into 1a and 1b
No change to existing SecV-2 and 3
Discovery of new business requirements leading to SecV-4, 5, 6 & 7
Overview

Draft Sub-views
SecV-1a: Asset Security Domain & Valuation Rating
SecV-1b: Asset-at-Node Security Strength Requirement
SecV-2: Data Element Security Matrix
SecV-3: Aggregated Information Security Matrix
SecV-4: Security Control Specification
SecV-5: Security Control Profile
SecV-6: Security Control Service Profile
SecV-7: Asset-At-Node Threat Mitigation
Security Methodology (1/1)
SecV-1a: Asset Security Domain & Valuation Rating
  Activity: Conduct Asset Sensitivity; Assign Security Domain & Valuation Rating
  Deliverable: Asset Classification and Valuations Lists
SecV-1b: Asset-at-Node Security Strength Requirement
  Activity: Conduct TRA; Assign Security Strength Requirement
  Deliverable: TRA Results and Security Strength Requirements
SecV-2: Data Element Security Matrix
  Activity: Assess IERs and SDEs; Assign Security Classification
  Deliverable: Resource Flow & IER & SDE Assessments
SecV-3: Aggregated Information Security Matrix
  Activity: Register Classified Data Element Combinations
  Deliverable: Data Element Combinations Risk Register
Security Methodology (2/2)
SecV-4: Security Control Specification
  Activity: Define Security Controls (CSEC & DND)
  Deliverable: Security Control Taxonomy
SecV-5: Security Control Profile
  Activity: Establish Security Control Profile for Asset (FoS) & Asset-at-Node
  Deliverable: Security Control Profile for Asset & Asset-at-Node
SecV-6: Security Control Service Profile
  Activity: Define Security Services; Establish Security Control Service Profile
  Deliverable: Security Service Taxonomy & Service Profiles
SecV-7: Asset-at-Node Threat Mitigation
  Activity: Establish Security Services to address Asset-at-Node Security Needs
  Deliverable: Asset-at-Node Threat Mitigation Specification
SecV-1a Purpose
SecV-1a : Asset Security Domain and Valuation Rating

The Asset (typically a member at some level of abstraction within the Asset FoS, Family of Systems) undergoes an Asset Sensitivity Analysis; the resulting Statement of Sensitivity is described and referenced in SecV-1a.

Based on the sensitivity analysis, the Security Officer determines and assigns a Security Domain to the Asset.

The DND Security Officer is also able to assign a Valuation Rating (Very Low to Very High) to the Asset.
Asset within FoS Structure

[Diagram: Asset hierarchy, top level to bottom level]
Asset: Materiel, System, Personnel, Cash
Weapons, IT System (e.g. SAP), Communications
SAP Sub-Systems: A/R, G/L, Payroll
SAP Application Modules: G/L 01, G/L 02, 03
Security Classification Taxonomy
Security Domain (e.g.): UNCLASSIFIED, PROTECTED A, PROTECTED B, PROTECTED C, CONFIDENTIAL, SECRET, TOP SECRET
Security Caveat (e.g.): CANUK, NATO, AUSCANNZUKUS, CANUS, FOUR EYES, FIVE EYES

SecV-1a Conceptual Model

[Diagram. Elements: Statement of Sensitivity, Asset (FoS), Valuation Rating, Security Domain. Relationship labels: Recommends, Determines, Results in, Values, Classifies.]
Asset (FoS) INCLUDES Resource Sub Types: Information Systems, Cash, Equipment, Personnel, Real Property

SecV-1a Attribution Template
Example: Data Collection Dialog for Asset Valuation and Security Classification
SecV-1b Purpose
SecV-1b: Asset-At-Node Security Strength Requirement

The logical Asset, classified and valued via SecV-1a and deployed (assigned) to a Node (OV-2), is from then on referred to as the Asset-At-Node; the deployment initiates a Threat Risk Assessment (TRA).
SecV-1b enables the capture of relevant information from the TRA, including links to threats, vulnerabilities, impacts, and control objectives.
The TRA enables the DND Security Officer to assign a Security Strength Requirement Rating to the Asset at Node.
SecV-1b Conceptual Model

[Diagram: the Assignment of Asset to Node (Asset assigned to Operational Node, refer OV-2) initiates the Threat Risk Assessment (TRA) for the Asset-at-Node. Relationship labels on the TRA: Recommends, Determines. Linked elements: Security Strength Requirement Matrix, Security Control Objectives.]

Security Strength Requirement Matrix (vertical axis: Exposure; horizontal axis: Impact)
3 3 4 4 4 5 5 5
3 3 4 4 4 5 5 5
3 3 3 3 3 4 4 4
2 2 2 2 2 4 4 4
1 1 1 1 2 3 3 3
1 1 1 1 2 2 3 3

SecV-1b Attribution Template
Example: Data Collection Dialog for Asset@Node TRA and Security Strength Requirement
SecV-2 Purpose
SecV-2 Data Element Security Matrix

The OV-3 and SV-6 sub-views require that the security parameters of each Information Exchange Requirement (IER) and System Data Exchange (SDE) be analyzed and documented.
The security classification of an IER or SDE is based on the fact that it contains one or more data elements of that security level.
SecV-2 enables the security classification and requirements of the set of data elements that comprise the IER or SDE to be captured.
Covers both privacy and national security issues.
SecV-2 Data Model (DADM)

[Data model diagram. Entities: SECURITY-CLASSIFICATION, CAVEAT, CAVEATED-SECURITY-CLASSIFICATION, SYSTEM-EXCHANGE, DATA-ATTRIBUTE. Relationship labels: classifies / is classified by; restricts / is restricted by; is for; uses / is used by; has.]
SecV-3 Purpose

SecV-3 Aggregated Information Security Matrix

Aggregation of Data can result in higher classified Information
Registration of Data Element Combinations
Potential for security issues is captured
Some analysis required
SecV-3 Data Model (DADM)

[Data model diagram. Entities: AGGREGATE-TYPE, INFORMATION-AGGREGATE, SECURITY-CLASSIFICATION, CAVEAT, CAVEATED-SECURITY-CLASSIFICATION, DATA-ATTRIBUTE. Relationship labels: classifies / is classified by; restricts / is restricted by; applies to; is for; has.]
SecV-4 Purpose
SecV-4 Security Control Specification

SecV-4 enables definition and maintenance of Security Controls in a taxonomy
Security Controls
  reusable objects that can be shared and associated to Assets;
Allows Security Control XREF to policies, legislation and regulations, standards, other knowledge artifacts, e.g.:
  ITSG 33 Annex 3 (CSEC)
  NIST 800-53 Rev 3
SecV-4 Conceptual Model

Security Control Class
  INCLUDES: Management, Technical, Operational
  Comprises
Security Control Family
  For Example: Access Control, Awareness and Training, Personnel Security
  Organizes
Security Control
  For Example: AC 17 Remote Access
  XREF Links: links to Knowledge Artifacts in Corporate Memory, Web or elsewhere

SecV-4 Attribution Template
Example: Data Collection Dialog for Security Control Specification
SecV-5 Purpose
SecV-5: Security Control Profile

SecV-5 enables the association of Security Controls that are applicable to an Asset (FoS).
  This is referred to as the Asset Security Control Profile.

SecV-5 further allows the Security Officer to create and maintain a similar Profile for the Asset-At-Node;
  The Asset-at-Node would automatically inherit (as default) the Asset Security Control Profile as a starting point.
  The end result is titled the Asset-At-Node Security Control Profile.
SecV-5 Conceptual Model

[Diagram. Elements: Security Control, Asset Security Control Profile, Asset (FoS), Asset-At-Node Security Control Profile, Node, Asset. Relationship labels: Refers, Identifies, Selects, Requires, Deployed to.]

SecV-5 Attribution Template
Example: Data Collection Dialog for Security Control Profile
SecV-6 Purpose
SecV-6: Security Control Service Profile

SecV-6 does two distinct things:
  enables the specification and maintenance of the Security Service
  links a subset of Security Services to a Security Control; this is referred to as the Security Control Service Profile.

Security Services
  reusable security mitigation mechanisms.
  can be automated or manual
  automated security services can be further defined in terms of their hardware and software components.
SecV-6 Conceptual Model (1/2)

Security Service
  Sub-Type: Automated Security Service, Non-Automated Security Service
  Automated Security Service Comprises: Security Service Software Component, Security Service Hardware Component

SecV-6(1) Attribution Template
Example: Data Collection Dialog for Security Service Specification
SecV-6 Conceptual Model (2/2)

[Diagram: Security Control (SecV-4) -- Manages -- Security Control Service Profile -- Mitigated By -- Security Service]

SecV-6(2) Attribution Template
Example: Data Collection Dialog for Service Control Service Profile
SecV-7 Purpose

SecV-7: Asset-At-Node Threat Mitigation

SecV-7 enables creation and maintenance of an Asset-At-Node Threat Mitigation Package:
  comprises a subset of Security Services needed by the Security Controls to protect the Asset-at-Node.
  Selection is influenced by the Strength Requirement Rating
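
The chain from SecV-1b through SecV-5 and SecV-6 to SecV-7 described above, as an added Python example that is not part of the original presentation. Assumptions: the matrix axes run as noted in the comments, each service carries a 1-5 strength rating, and a service qualifies when its rating meets the requirement (the slides say only that selection is influenced by the rating). The control IDs and service names are constructed sample data.

```python
from dataclasses import dataclass

# SecV-1b matrix as shown on the slide, top row first. ASSUMPTION: exposure
# rises bottom-to-top (index 0 = bottom row), impact rises left-to-right.
MATRIX = [
    [3, 3, 4, 4, 4, 5, 5, 5],
    [3, 3, 4, 4, 4, 5, 5, 5],
    [3, 3, 3, 3, 3, 4, 4, 4],
    [2, 2, 2, 2, 2, 4, 4, 4],
    [1, 1, 1, 1, 2, 3, 3, 3],
    [1, 1, 1, 1, 2, 2, 3, 3],
]

def strength_requirement(exposure: int, impact: int) -> int:
    """SecV-1b rating for 0-based exposure (0-5) and impact (0-7)."""
    if not (0 <= exposure < len(MATRIX) and 0 <= impact < len(MATRIX[0])):
        raise ValueError("exposure/impact outside the matrix")
    return MATRIX[len(MATRIX) - 1 - exposure][impact]

@dataclass(frozen=True)
class SecurityService:          # SecV-6 (1): reusable mitigation mechanism
    name: str
    automated: bool
    strength: int               # ASSUMPTION: rated on the same 1-5 scale

def node_profile(asset_controls, add=(), drop=()):
    """SecV-5: Asset-at-Node profile inherits the Asset profile, then is tailored."""
    return (set(asset_controls) | set(add)) - set(drop)

def mitigation_package(controls, service_profiles, required):
    """SecV-7: per control, pick services from its SecV-6 (2) profile that meet
    the required strength; controls left with no service are reported as gaps."""
    package, gaps = {}, []
    for control in sorted(controls):
        chosen = [s.name for s in service_profiles.get(control, ())
                  if s.strength >= required]
        if chosen:
            package[control] = chosen
        else:
            gaps.append(control)
    return package, gaps

# Constructed sample data: NIST 800-53 style control IDs, hypothetical services.
ASSET_CONTROLS = {"AC-17", "AT-2"}
SERVICE_PROFILES = {
    "AC-17": [SecurityService("vpn-gateway", True, 4),
              SecurityService("dial-in-callback", True, 2)],
    "AT-2": [SecurityService("annual-briefing", False, 3)],
    "PS-3": [SecurityService("personnel-screening", False, 5)],
}
```

The gaps list is the part worth reviewing: it names every control in the Asset-at-Node profile for which no registered service reaches the required strength.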

SecV-7 Conceptual Model

[Diagram. Elements: Node, Asset, Asset-At-Node Security Control Profile (refer SecV-5), Security Control (refer SecV-4), Security Control Service Profile (refer SecV-6), Security Service, Mitigation Security Control Service, Asset-at-Node Threat Mitigation Package, Asset-At-Node Security Strength Requirement (refer SecV-1b). Relationship labels: Requires, Selects, Comprises, Influences.]

SecV-7 Attribution Template
Example: Data Collection Dialog for Threat Mitigation Package
Asset-At-Node Mitigation Lifecycle

[Diagram. Elements: Asset (refer SecV-1a), Node, Asset-At-Node TRA and Security Strength Requirement (refer SecV-1b), Security Control Objectives, Asset-at-Node Security Control Profile (refer SecV-5), Security Control (refer SecV-4), Security Control Service Profile (refer SecV-6 (2)), Security Control Service (refer SecV-6 (1)), Asset-at-Node Threat Mitigation Pkg (refer SecV-7). Relationship labels: Deployed to, has, Determines, Establishes, Required by, Influences, Mitigated By.]
Road Ahead

Theoretical product, at this point
Much work remains
  ensure responsive to needs
  Confirm concepts are valid, not redundant
Validation effort initiated
Update at next meeting in June.
EA Security View Road Map

[Gantt chart, monthly columns from September 2012 to December 2014, with markers IOC, FOC and Today (15 Mar).]
Activities, in order:
  Preliminary Development Work
  Presentation of Draft to OMG
  Testing and validation
  Finalize Security Views
  Presentation of Final to OMG
  Publish SecV in DNDAF
  Implement SecV in Qualiware

Q&A
Looking for Feedback and Encouraging Wider
Collaboration

Contacts:
VINCENT.QUESNEL@forces.gc.a
EA Programme Support
(613) 993-6164

GREG.ERICKSON@forces.gc.ca
EA Development
(613) 990-8341

SecV-1a Class Diagram
SecV-1b Class Diagram
SecV-2 Class Diagram
SecV-3 Class Diagram
SecV-4 Class Diagram
SecV-5 Class Diagram
SecV-6 Class Diagram
SecV-7 Class Diagram