Engineering information assurance for critical infrastructures: The DITSCAP automation study

Seok Won Lee, Gail-Joon Ahn, Robin A. Gandhi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

4 Citations (Scopus)

Abstract

Recent advances in information technology have transformed the way in which mission-critical services get delivered and are evaluated today. These services are heavily and increasingly relying on an interdependent crossed network of critical information infrastructures, spanning from private to government sectors. In order to enable such infrastructures to efficiently mitigate risks, optimize their security posture and evaluate their information assurance (IA) practices, we identify the need for a structured and comprehensive methodology for IA-aware critical infrastructure protection. In this paper, we focus on the automation study of the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), which is a standard for certifying and accrediting the information networks that comprise the Defense Information Infrastructure (DII). We attempt to generalize a course of actions in DITSCAP that motivate our design principles and modeling techniques, supported by their theoretical backgrounds and demonstrable prototype interfaces to establish their appropriateness.

Original language: English (US)
Title of host publication: 15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005
Pages: 50-62
Number of pages: 13
Volume: 1
State: Published - 2005
Externally published: Yes
Event: 15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005 - Rochester, NY, United States
Duration: Jul 10 2005 to Jul 15 2005

Other

Other: 15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005
Country: United States
City: Rochester, NY
Period: 7/10/05 to 7/15/05

Fingerprint

Critical infrastructures
Accreditation
Information technology
Automation

Keywords

  • Critical Infrastructure Protection
  • Information Security Requirements Engineering
  • Information Systems Certification and Accreditation
  • Ontological Engineering
  • Risk Assessment

ASJC Scopus subject areas

  • Hardware and Architecture
  • Information Systems
  • Control and Systems Engineering

Cite this

Lee, S. W., Ahn, G-J., & Gandhi, R. A. (2005). Engineering information assurance for critical infrastructures: The DITSCAP automation study. In 15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005 (Vol. 1, pp. 50-62)

@inproceedings{5475b7fa2b714dccbfbe3a9120a7d9fd,
title = "Engineering information assurance for critical infrastructures: The DITSCAP automation study",
keywords = "Critical Infrastructure Protection, Information Security Requirements Engineering, Information Systems Certification and Accreditation, Ontological Engineering, Risk Assessment",
author = "Lee, {Seok Won} and Gail-Joon Ahn and Gandhi, {Robin A.}",
year = "2005",
language = "English (US)",
isbn = "9781622769285",
volume = "1",
pages = "50--62",
booktitle = "15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005",

}

TY - GEN

T1 - Engineering information assurance for critical infrastructures

T2 - The DITSCAP automation study

AU - Lee, Seok Won

AU - Ahn, Gail-Joon

AU - Gandhi, Robin A.

PY - 2005

Y1 - 2005

KW - Critical Infrastructure Protection

KW - Information Security Requirements Engineering

KW - Information Systems Certification and Accreditation

KW - Ontological Engineering

KW - Risk Assessment

UR - http://www.scopus.com/inward/record.url?scp=84883302612&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883302612&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84883302612

SN - 9781622769285

VL - 1

SP - 50

EP - 62

BT - 15th Annual International Symposium of the International Council on Systems Engineering, INCOSE 2005

ER -