Specifying System Security RequirementsTuesday, 3:30, Regency AC
Speaker
PRESENTATION
- Paula A. Moore, Federal Aviation Administration
This tutorial presents systematic approaches for developing system security requirements and provides structures and criteria for generating them. It explores:
Examples of good and poor security requirements are used throughout.
- Focus and styles for requirements based on the type of audience,
- Types of requirements and requirement look-alikes,
- Characteristics of effective technical and assurance requirements,
- Organization of requirements based on specification styles, and
- Pitfalls in constructing individual requirements.
Paula Moore has been a computer scientist with the FAA for five years, primarily as the Security Lead for a joint FAA/DoD air traffic control system. Her work there has included security risk assessments, security requirements definition and policy development. Previously she was a systems engineer at NOAA performing IV&V and Software Capability Evaluations. Before Government service, Paula spent four years as a senior software engineer at Loral Aerosys responsible for software requirements on the Hubble Telescope Data Archive. She designed and led development for database cataloging and high-speed ingest of telescope images. She also spent five years developing specifications and database applications for transaction processing in the banking industry. She has also taught physics and math in Baltimore County Public Schools. Paula has a Bachelor’s Degree in Physics Education from University of Maryland, a Master’s in Engineering Science In Computer Science from Loyola College of Baltimore, and additional post-graduate education.