Dr. Cohen's CV

How does the business work?
Type, Size, Purpose, Functions, People, Things, Structure, Mobility
Promises, Constraints, Locations, Maturity, Dependency, Scope
Failures, Modeling; Content, Outsource
Sales, Process, Resource, Supply, AR/AP, Infrastructure, Cost
Market, Workflow, Transform, Inventory, Collections, Services, Shrinkage
Brand, Results, Value, Transport, Write-offs, Users, Collapse

Oversight
Turns Business Needs into Duties to Protect.
Laws
Owners
Board
Auditors
CEO

Risk Management
Turns Duties to Protect into What to Protect and How Well.
Threats: Capabilities & Intents
Vulnerabilities: Technical, Human, Organizational, Structural
Consequences: Brand, Value, Time, Cost
Accept / Transfer / Avoid / Mitigate
Interdependencies: Function, People, Applications, Systems, Physical systems, Critical infrastructures
Matching Surety to Risk

Security Management
Uses Power and Influence to Control the Protection Program.
Organizational Governance
Business Processes
Human Actuators & Sensors
Control Architecture
Change control: R&D, test, Change control, test, Production
Access facilitation: Identification, Authentication, Authorization, Use
Trust: Basis, Purpose, Extent
Perimeters: Structure and mechanism
Functional units: I/O, Control, Audit, Surety changes
Control scheme: Possession; Clearance; Roles/rules; Owner authorized; Subject-object
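The access-facilitation steps (identification, authentication, authorization, use) and the five control schemes named above can be made concrete in a small reference monitor. The block below is an added example written for this page; it is not code from the original or from Dr. Cohen. The level ordering, the identities alice and bob, the object payroll.csv, the role table, the access matrix, the credential store and the deny-unless-every-scheme-grants composition are all assumptions made for illustration.

```python
"""Toy reference monitor: identification -> authentication -> authorization -> use,
with the five control schemes named in the model (possession, clearance,
roles/rules, owner-authorized, subject-object) composed deny-by-default.
Example code added to this page; every identity, level, object and credential
below is a constructed assumption, not data from the original."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Assumed linear ordering of sensitivity levels (clearance vs. classification).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    roles: frozenset = frozenset()
    tokens: frozenset = frozenset()  # what the subject possesses (badge, key)


@dataclass
class Object:
    name: str
    classification: str
    owner: str
    required_token: Optional[str] = None     # possession scheme
    acl: dict = field(default_factory=dict)  # owner-granted rights (DAC)


# Roles/rules scheme: operation -> roles allowed to perform it (assumed table).
ROLE_RULES = {"read": {"analyst", "admin"}, "write": {"admin"}, "delete": {"admin"}}
# Subject-object scheme: an explicit access matrix keyed by (subject, object).
MATRIX = {("alice", "payroll.csv"): {"read", "write"}, ("bob", "payroll.csv"): {"read"}}


def possession(s, o, op):
    return o.required_token is None or o.required_token in s.tokens

def clearance(s, o, op):
    # Simple-security rule only: the subject's level must dominate the object's.
    return LEVELS[s.clearance] >= LEVELS[o.classification]

def roles_rules(s, o, op):
    return bool(s.roles & ROLE_RULES.get(op, set()))

def owner_authorized(s, o, op):
    return s.name == o.owner or op in o.acl.get(s.name, set())

def subject_object(s, o, op):
    return op in MATRIX.get((s.name, o.name), set())

SCHEMES = {"possession": possession, "clearance": clearance, "roles/rules": roles_rules,
           "owner-authorized": owner_authorized, "subject-object": subject_object}


def authorize(subject, obj, op, schemes=SCHEMES):
    """Deny by default: every configured scheme must grant.
    Returns (allowed, names of the schemes that refused)."""
    denied = [name for name, check in schemes.items() if not check(subject, obj, op)]
    return not denied, denied


def _cred(password, salt=b"fixed-demo-salt"):
    # Salted PBKDF2 so the store never holds plaintext; fixed salt only for the demo.
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

DIRECTORY = {  # constructed identities
    "alice": Subject("alice", "secret", frozenset({"admin"}), frozenset({"badge-7"})),
    "bob": Subject("bob", "internal", frozenset({"analyst"})),
}
CREDENTIALS = {"alice": _cred("correct horse"), "bob": _cred("hunter2")}
OBJECTS = {"payroll.csv": Object("payroll.csv", "confidential", "alice",
                                 required_token="badge-7", acl={"bob": {"read"}})}


def authenticate(identity, password):
    """Identification (directory lookup) then authentication (constant-time compare)."""
    if identity not in DIRECTORY or identity not in CREDENTIALS:
        return None
    salt, expected = CREDENTIALS[identity]
    _, got = _cred(password, salt)
    return DIRECTORY[identity] if hmac.compare_digest(got, expected) else None


def request(identity, password, obj_name, op):
    """Full path: identify -> authenticate -> authorize -> use.
    Returns (outcome, detail): the refusing schemes, or the use record."""
    subject = authenticate(identity, password)
    if subject is None:
        return "unauthenticated", []
    obj = OBJECTS.get(obj_name)
    if obj is None:
        return "no-such-object", []
    allowed, denied = authorize(subject, obj, op)
    if not allowed:
        return "denied", denied
    return "used", [f"{identity} {op} {obj_name}"]  # the use step; audit it in practice


if __name__ == "__main__":
    for who, pw, op in [("alice", "correct horse", "read"), ("bob", "hunter2", "read"),
                        ("alice", "correct horse", "delete"), ("alice", "wrong", "read")]:
        print(who, op, request(who, pw, "payroll.csv", op))
```

Each scheme is an independent predicate and the monitor refuses unless all of them grant, so the verdict also records which schemes refused (bob is stopped by possession and clearance before the discretionary grant on the ACL matters). That refusal list is what the use step should write to the audit trail in a real deployment.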
Technical Security Architecture
Protection Processes
Inventory, Workflows
Process: Deter, Prevent, Detect, React, Adapt
Data State: At Rest, In Use, In Motion
Protective Mechanisms

Perception:
obscurity - profile - appearance - deception - depiction - cognition
Behavior:
tracking - change - timeframe - fail-safe - fault tolerance - human - separation of duties - least privilege - intrusion/anomaly detection and response
Structure:
control and data flows - digital diodes - firewalls and bypasses - barriers - mandatory / discretionary access controls - zoning
Content:
transforms - filters - markings - syntax - situation - presentation
Content and its business utility
Lifecycles
Business
People
Systems
Data

Context
Time
Location
Purpose
Behavior
Identity
Method
Management Processes
Management
Policy
Standards
Procedures
Documentation
Auditing
Testing
Technology
Personnel
Incidents
Legal
Physical
Knowledge
Training
Awareness
Organization
Protection Objectives
Integrity: Source, Change, Reflects reality
Availability: Access, Intolerance, Redundancy
Confidentiality: Privacy, Secrecy, Aggregation
Accountability: Attribution, Situation, Activity
Use control: Identify, Authenticate, Authorize
Transparency: Process, Implementation, History
Custody: Source, Chain, Status

Overarching Information Protection Model
