1 This work is supported by the National Science Foundation through ITR program grant No CCR 0296082, and by NASA through a grant from the NASA Office of Safety and Mission Assurance (OSMA) Software Assurance Research Program (SARP) managed through the NASA Independent Verification and Validation (IV&V) Facility, Fairmont, West Virginia. 2 Correspondence author. E-mail: [email protected] Abstract

The purpose of assurance activities is to reduce risk, thereby ensuring requirements. However, assurance activities incur costs such as budget, schedule, mass ( e g , radiation shielding), etc. The selection of assurance activities to perform is thus an assurance optimization problem. For example, for a given budget, selection of the set of assurance activities that will minimize risk (i.e., ma...

Syracuse University is one of thirty-six National Security Agency designated Centers of Academic Excellence in Information Assurance Education. Our IA program was developed within the Center for Systems Assurance (CSA), whose mission is to promote improvement in systems and information assurance through research, education, and technology trans-

With the increased potential of a bona fide cyber terrorist attack and the possibility of a future “war in the wires”, we must continue to improve the education and training of individuals responsible for defending our national borders—whether those borders are physical or electronic. The Information Analysis and Research (IWAR) laboratory at the United States Military Academy (USMA) has proven...

In December 2001 a meeting of interested parties from fifteen four-year IT programs from the US along with representatives from IEEE, ACM, and ABET (CITC-1) began work on the formalization of Information Technology as an accredited academic discipline. The effort has evolved into SIGITE, the ACM SIG for Information Technology Education. During this period three main efforts have proceeded in pa...

Assurance in the security of rapidly evolving enterprises depends on a complex set of evidence. This paper describes a method for structuring this body of evidence into a manageable framework called an “assurance argument.” The method is extremely flexible, and is capable of including all relevant claims and evidence. The structure allows the practitioner to compare the costs and benefits of di...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi