6. 2.5 Summary and Further Reading (including Information on Seminar Exercises)

Watch

The part 2 safety and security videos from our industrial partners in the module with Copyrighted Material.

Read

Elective

Mandatory

Seminar Description
Area Visualization
Data Assets Visualization
Security Visualization

Do

1. For the first part of the seminar day:

(Possibly together with others) Study the framework given to you, and put together a 25-minute presentation, emphasising:
- What is the history of the framework (who put it together and why)?
- How does the framework relate to the 4+1 principles of assurance?
- Is it implicit or explicit?
- What are its special characteristics in comparison to other frameworks?

You hand in the presentation here in a PPTx format, with what you aim to say during the presentation in the notes to each slide.

2. For the second part of the seminar day:

Read through scenario description.
Identify and detail at least three (3) threat actors according to categories you think are important. (For instance, think Who (intent, access, skill, resources...) and How (Reason, Target outcome, ...).) Choose one threat actor which you think is especially important.
What is the objective of this threat actor, and what is the impact if an associated attack is successful? Describe this in a short (one paragraph) attack scenario description.
Identify and detail an attack through which the threat actor could succeed with the objective. Visualize the attack in an Attack Tree. Expand the tree further with other attacks.
Use a structured approach to identify how you might deter, detect, delay, respond or recover from the attacks. E.g., for each node in the Attack Tree, define appropriate controls. If not obvious, motivate the appropriateness of the mitigation (controls) with the impact of a successful attack.
Use a structured approach to identify hazards affected by tampering with the system. E.g., use CRAF to link data security to data safety. Describe one such link in a short (one paragraph) causality description.
Suggest the most important redesign of the system to avoid security affecting safety.
Prepare a short presentation to argue for this redesign, using the material you have put together so far.

You should aim for a system's perspective in this exercise. It is important to realize that the system and its context implies both the likely character of threats/hazards and limitations/opportunities for mitigation measures. Generic approaches ("Give each employee a secure token for accessing the system") are not always possible to use ("Those accessing the system might not all be employees and often replaced.") or meaningless ("The most likely threat is an disgruntled insider with high security clearance."). By contrast, contextual factors can provide opportunities that are not usually present ("We limit the risk of accidents by allowing safe storage even of contraband, if an attacker has made it past X security barriers".)

You hand in the presentation here in a PPTx format, with what you aim to say during the presentation in the notes to each slide.