icon-carat-right menu search cmu-wordmark

Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks

Technical Note
In this 2006 report, Howard Lipson uses an example to illustrate the critical importance of evolutionary design changes in secure and survivable systems.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2006-TN-027
DOI (Digital Object Identifier)
10.1184/R1/6573623.v1

Abstract

A fundamental truth of system design is that, in the absence of countermeasures, a system's security and survivability will degrade over time. Changes in the environment or usage of a system, or changes to the elements that compose the system, often introduce new or elevated threats that the system was not designed to handle and is ill-prepared to defend itself against. The first step in evolving to meet new threats to your system's security and survivability is to recognize the need to modify your system, that is, to recognize changes in security and survivability risks that trigger the need to enter the evolution phase of the system development life cycle. 

It is essential that significant risk management resources be devoted to the ongoing evolution of any mission-critical system. The successful evolutionary design of a secure and survivable system is dependent on the continual monitoring of the system and its environment to detect changes that may affect the risk management assumptions on which the system's security and survivability are founded.

Cite This Technical Note

Lipson, H. (2006, September 1). Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks. (Technical Note CMU/SEI-2006-TN-027). Retrieved December 22, 2024, from https://doi.org/10.1184/R1/6573623.v1.

@techreport{lipson_2006,
author={Lipson, Howard},
title={Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks},
month={{Sep},
year={{2006},
number={{CMU/SEI-2006-TN-027},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6573623.v1},
note={Accessed: 2024-Dec-22}
}

Lipson, Howard. "Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks." (CMU/SEI-2006-TN-027). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 2006. https://doi.org/10.1184/R1/6573623.v1.

H. Lipson, "Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2006-TN-027, 1-Sep-2006 [Online]. Available: https://doi.org/10.1184/R1/6573623.v1. [Accessed: 22-Dec-2024].

Lipson, Howard. "Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks." (Technical Note CMU/SEI-2006-TN-027). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 2006. https://doi.org/10.1184/R1/6573623.v1. Accessed 22 Dec. 2024.

Lipson, Howard. Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks. CMU/SEI-2006-TN-027. Software Engineering Institute. 2006. https://doi.org/10.1184/R1/6573623.v1