Annual Computer Security Applications Conference (ACSAC) 2014


M3. Security Risk Management using the Security Engineering Risk Analysis (SERA) Method

Monday, 8 December 2014
08:30 - 12:00


Security risk analysis can be employed to reduce design weaknesses in software-reliant systems. During the acquisition and development of software-reliant systems, the focus is primarily on meeting functional requirements within cost and schedule constraints, often deferring security to later life-cycle activities. Operational security vulnerabilities generally have three main causes: (1) design weaknesses, (2) implementation/coding vulnerabilities, and (3) system configuration errors. Addressing design weaknesses as soon as possible is especially important because these weaknesses are not corrected easily after a system has been deployed. Remediation normally requires extensive redesign of the system, which is costly and often proves to be impractical. The SERA method provides systems engineers with a structure to connect desired system functionality with the underlying software to evaluate the sufficiency of requirements for software security.

This method was used to develop security guidelines for the implementation of the Wireless Emergency Alerting (WEA) capability in April 2013. This approach has also been applied to meet the NIST Risk Management Framework requirements as described in NIST 800-37 and the US Department of Defense Program Protection Plan requirements.



  1. Introduction (45 minutes)

    Topics: Program Risks. Early Life-Cycle Security Value Proposition. Risk Management Concepts. Overview of the SERA Method.

  2. Establish Operational Context (Task 1) (35 minutes)

    This module provides an overview of Task 1 of the SERA method. The emphasis of Task 1 is on establishing the operational context for the system being analyzed.

    Topics: Task 1 Overview. Critical Asset Identification.

  3. Identify Risk (Task 2) (40 minutes)

    This module provides an overview of Task 2 of the SERA method. The basic elements of risk are introduced in module 1 of this course; module 3 builds on this foundation by presenting the concept of a risk scenario.

    Topics: Task 2 Overview. Risk Identification.

  4. Analyze Risk (Task 3) (15 minutes)

    This module provides an overview of Task 3 of the SERA method. Here, the risk scenarios identified during Task 2 are prioritized based on their probability and impact values.

  5. Develop Control Plan (Task 4) (30 minutes)

    This module provides an overview of Task 4 of the SERA method. A control plan is defined and documented for all cybersecurity risks that are not accepted. Risk-mitigation plans typically include actions from the following categories: (1) recognize and respond, (2) resist, and (3) recover.

    Topics: Task 4 Overview. Control Planning.

  6. Summary (15 minutes)

    This module summarizes key concepts presented in the course, shows how well the course met students' expectations, and answers any final questions the students might have.

About the Instructor:

Dr. Carol Woody has been a senior member of the technical staff at the Software Engineering Institute since 2001. Currently, she is the technical manager of the CERT Cybersecurity Engineering team, which addresses security and survivability throughout the development and acquisition lifecycles, especially in the early stages. Her work focuses on building capabilities for measuring, managing, and sustaining secure software for highly complex networked systems and systems of systems. Dr. Woody holds a B.S. in mathematics from the College of William & Mary, an M.B.A. from Wake Forest University, and a Ph.D. in information systems from NOVA Southeastern University.

