System Security Architecture Paper Available

According to Howard Lipson, a fundamental truth of system design is that, in the absence of countermeasures, a system’s security and survivability will degrade over time. Okay, I'll go along with that.

In his recently released paper entitled "Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks" Lipson goes on to say that changes in a system's environment, or changes to the elements that compose the system, can introduce new or elevated threats that the system was not designed to handle and is ill-prepared to defend itself against. He adds that the first step in evolving to meet new threats to your system’s security and survivability is to recognize the need to modify your system.

Lipson's paper, which has been published by the Software Engineering Institute at Carnegie Mellon University, is interesting and readable--and well worth the time you spend reading it.

Posted by Jon Erickson at 03:33 PM  Permalink