The Architecting of Security Systems – a UK Approach
The presentation will canter rapidly across many security concepts that underpin our work. It will cover the “risk equation” and how it is tricky to apply to security. An alternative approach to traditional probabilities will be introduced, focusing more on deterrence and “defense in breadth”. A “balance sheet” model will be covered to underpin deterrence along with the concept of “deterministic security” to provide more quantifiable assurance. The concept of a “security theme” will be introduced along with an inner “ring” of security that is designed to meet the requirements of a “security sub-system”. This de-conflicts security & operations requirements, whilst meeting technical constraints and has resulted in a generic list of implementation-free security functions for all systems. Finally, the place of scenario analysis and the synthesis of real functional requirements will be touched upon. As a whirl-wind presentation, it is hoped to trigger some areas for further discussion rather than go into depth on particular topics.