ATTACK SURFACE ANALYSIS: Reduce System and Organizational Risk

Abstract

Much effort is expended implementing security controls and practices to address mandated policy. However, operational experience is showing that these steps are necessary, but not sufficient. The mantra to think like an attacker has been widely bandied by experts and contractors in the field. For those who struggle daily to make technology perform as needed, this advice poses a major challenge. Attacker capabilities are increasing continually. How should one determine and address possible system attacks?

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2020
Accession Number: AD1110322

Entities

People

  • Carol C. Woody
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Acquisition
  • Code Injection
  • Commerce
  • Computer Programming
  • Computer Programs
  • Contractors
  • Cyberattacks
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Failure Mode And Effect Analysis
  • Risk
  • Security
  • Software Development
  • Supply Chain
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Defense Acquisition Program Management
  • Educational Psychology
  • Strategic Security Studies