Survivability: Protecting Your Critical Systems
Robert J. Ellison, David A. Fisher, Richard C. Linger, Howard F. Lipson
Thomas A. Longstaff, Nancy R. Mead
CERT® Coordination Center
Software Engineering Institute, Carnegie Mellon University
Pittsburgh, PA 15213-3890
Summary
Nowadays internet use is growing progressively more than the price of gasoline and the society has also increased growth dependence on it. Internet is one good example of a highly distributed system that operates in unbounded network environments and it is known that it has no integrated security policy. The paper describes the survivability approach to guarantee that systems that operate in an unbounded network is dynamic in the presence of attack and will survive attacks that will result in successful interruptions. It also included in the paper some discussions of survivability as an integrated engineering framework, the current state of survivability practice, the specification of survivability requirements, the strategies for achieving survivability, and some survivability solutions.
The paper also talks about the capability of a survivable system to fulfill its mission in a timely manner is thus linked to its ability to deliver essential services in the presence of an attack, accident or failure. It is stated that a system is prone to attacks because internet itself has no central administrative control causing unauthorized persons to access a system.
Evaluation
It is been clearly stated in the paper that even hardened systems can and will be broken. Thus survivability solutions should be incorporated into both new and existing system to help them avoid the potentially devastating effects of compromise and failure due to attack. I find it very helpful especially in organizations in order to fully understand things with regards to protecting a system.
The paper explains everything. It is well presented enough for the reader to comprehend and it is doesn’t strain you eyes because the text are well presented.
References:
http://www.cert.org/archive/html/protect-critical-systems.html
No comments:
Post a Comment