Many organizations are associated with producing, using, or funding technologies, practices, and policies purported to address assurance: a justified level of confidence that systems (and systems of systems) will function as intended within their operational environment. The value these solutions provide to assurance is often indirect and unclear. Where are the critical gaps in available technologies and practices? Where should resources be invested to gain the most benefit? To accelerate the formation and adoption of solutions, a more systematic approach is needed to model the assurance landscape.
The SEI is developing a way to model key aspects of assurance to accelerate the adoption of assurance solutions within operational settings for the Department of Defense and other government organizations. SEI researchers have developed an Assurance Modeling Framework to build a profile for an assurance capability area such as vulnerability management within an assurance quality such as security. The profile consists of multiple views developed using selected methods and models. From the analysis of these views, inefficiencies and candidate improvements for assurance adoption can be identified. This presentation describes the framework, a pilot of the framework, and selected insights gained from applying the framework.
About the Speakers
Lisa Brownsword is a senior member of the Systems of Systems Practices (SoSP) initiative at the SEI. She is currently developing methods to analyze the organizational, governance, and management aspects for SoS environments. Lisa is also co-developing a modeling framework for analyzing the software assurance landscape as part of the SoS Software Assurance (SoSSA) initiative. Previously, she was a member of the COTS-Based Systems (CBS) initiative where she developed the Evolutionary Process for Integrating COTS-based systems (EPIC). Lisa has more than 20 years of experience in developing large, complex software-reliant systems along with training and consulting on a variety of software engineering practices. She has authored numerous articles and technical reports and delivered presentations at conferences and workshops worldwide.
Using over 25 years of experience in software development and project management spanning mainframe, client-server, and Web environments in higher education, banking, government, and manufacturing, Carol Woody is leading projects at the SEI to improve management strategies to address security, survivability, and reliability in the development and operational support of complex software and systems. Carol is a member of the Risk Assessment Working Group established by the EDUCAUSE/Internet2 Security Task Force. She was a developer of the OCTAVE Methodology, an operational security risk methodology created by the SEI, and currently teaches it. She is a distinguished speaker for IEEE. Carol holds a B.S. in mathematics from the College of William and Mary, an M.B.A. with distinction from Wake Forest University, and a Ph.D. in Information Systems from Nova Southeastern University.