Method for systematically and objectively assessing system security risk

Abstract

A method for developing an information system specification includes: performing, from a design specification for an information system having a functional and structural component, an information assurance component and an anti-tamper component, a trust analysis identifying which components of the information system the information system must trust to enforce a security policy and providing a trust score; performing for each system element in the information system a trustworthiness assessment and providing a trustworthiness score; performing mitigation to reduce a trust gap as determined from the trust score and the trustworthiness score; performing a vulnerability assessment to identify residual vulnerabilities determined from the vulnerability assessment; mitigating the residual vulnerabilities by designing preventive and reactive countermeasures to reduce the number of residual vulnerabilities; designing and applying anti-tamper techniques to cyber RCPI to ensure countermeasure effectiveness; assessing the countermeasures applied to the information system; assessing the security risk associated with the remaining residual vulnerabilities to determine if such residual vulnerabilities are acceptable to protect critical data and technology in the information system; and changing and updating system requirements for the information system as required by the designing preventive and reactive countermeasures step and the designing and applying anti-tamper techniques step.