NIST SP800-160-vol2-draft.pdfINTRODUCTION THE NEED

文件名称: NIST SP800-160-vol2-draft.pdf

所属分类: 其它

开发工具:

文件大小: 2mb

下载次数: 0

上传时间: 2020-02-25

提供者: sam****

下载 (2mb)

不能下载？报告错误

详细说明：INTRODUCTION THE NEED FOR CYBER RESILIENT SYSTEMS he need for trustworthy secure systems1 stems from a variety of stakeholder needs that are driven by mission, business, and other objectives and concerns. The principles, concepts, and practices for engineering trustworthy secure systems can be expressed in various ways, depending on which aspect of trustworthiness is of concern to stakeholders. [NIST 800-160, Vol.1] provides guidance on systems security engineering with an emphasis on protection against asset loss.2 In addition to security, other aspects of trustworthiness include, for example, reliability, safety, resilience, and privacy. Specialty engineering disciplines address different aspects of trustworthiness. While each specialty discipline frames the problem domain and the potential solution space for its aspect of trustworthiness somewhat differently, [NIST 800-160, Vol. 1] includes systems engineering processes to align the concepts, frameworks, and analytic processes from multiple disciplines to make trade-offs within and between the various aspects of trustworthiness applicable to a system-of-interest.3 NIST Special Publication 800-160, Volume 2 focuses on the property of cyber resiliency, which has a strong relationship to security and resilience, but which provides a distinctive framework for its identified problem domain and solution space. Cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources regardless of the source.4 Cyber resiliency supports mission assurance in a contested environment, for missions which depend on systems which include cyber resources. A cyber resource is an information resource which creates, stores, processes, manages, transmits, or disposes of information in electronic form and which can be accessed via a network or using networking methods. A cyber resource which can be accessed via a

(系统自动生成,下载前可以参看下载内容)