The Security Engineering Risk Analysis (SERA) Method defines a systematic approach for evaluating cybersecurity risk in highly complex networked environments. The SERA Method uses a scenario-based approach to analyze how an attacker could leverage available attack vectors and technology vulnerabilities to compromise confidentiality, integrity, and availability of mission-critical data and impact operational mission success. SERA can be applied at any point in the lifecycle to construct cyber-risk scenarios that show how the technology within a system and its context including supply chains and trusted connections in a system-of-systems provides opportunities for attackers to disrupt mission execution. Analysis of the scenarios will determine what risks are critical and which controls are important to reduce mission impact.
CSIAC Webinars - Security Engineering Risk Analysis (SERA): Connecting Technology Risk To Mission Impact
Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/
Download Associated Files:
You must be logged in to download files associated with this video podcast. Click here to login.
Presenter
Dr. Carol Woody
Dr. Carol Woody is a principal researcher for the CERT division of the Software Engineering Institute at Carnegie Mellon University. Her research focuses on building capabilities and competencies for measuring, managing, and sustaining cybersecurity for highly complex networked systems and systems of systems. Dr. Woody has successfully implemented technology solutions for such diverse domains as banking, mining, manufacturing and finance. She has coauthored a book Cyber Security Engineering: A Practical Approach for Systems and Software Assurance published by Pearson Education as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate, released in March 2018, is based on the research she led. Dr. Woody holds a B.S. in mathematics from the College of William & Mary, an M.B.A. with distinction from Wake Forest University, and a Ph.D. in information systems from NOVA Southeastern University.
Dr. Woody, I really enjoyed your presentation. The SERA approach is very thoughtful, multi-faceted tool that can allow a number of analysis approaches to be “merged” in with it.
You had me at the the “system thread” approach and tracing it back to the mission or operational contexts. Great approach.
Thank You, Charles McMahon
AFLCMC Systems/Cybersecurity Engineer