630-252-6168
rogerj@anl.gov
http://www.ne.anl.gov/capabilities/vat
Sponsors
- DOE
- DoD
- DOS
- IAEA
- NNSA
- private companies
- intelligence agencies
- public interest organizations
biometrics
courier bags
GPS spoofing
access control
cargo security
reverse engineering
warehouse security
product tampering
product counterfeiting
medical device security
consulting & training
physical security R&D
security guard turnover
insider threat mitigation
Definitions
Assets
Threats
Attack Scenarios
Delay Paths
Features
Purpose
The purpose of a VA is to:
1. Improve security or emergency response.
2. Serve as one of the inputs to overall Risk Management.
INPUT PARAMETERS
OUTPUT PARAMETERS:
- What to protect
- How to protect it
- How to deploy security resources optimally
DECISION MAKING PROCESS
Value Judgments
Objective Analysis
Subjective Analysis
Experience & Expertise
Intuition & Hunches
Michener's Maxim:
We are never prepared for what we expect.
bad guys
therapists
movie critics
computer hackers
scientific peer reviewers
mothers-in-law
Warning!
NORQ
All effective security and risk management is ultimately subjective, no matter how much we may wish to pretend it isn't.
The Non-Objective Non-Reproducible Non-Quantifiable
Emergency Response
Two Kinds of Vulnerabilities:
- flaws in the response
- vulnerability to attacks on the response
The importance of a cradle-to-grave, secure chain of custody:
Most security devices (locks, tags, seals, access control & biometrics devices, monitoring equipment, etc.) can usually be compromised in ~15 seconds, at the factory or vendor, on the loading dock, in transit, in the receiving department, before or after being installed.
Most security and nuclear safeguards devices have little built-in security or significant ability to detect intrusion/tampering.
http://jps.anl.gov
http://www.ne.anl.gov/capabilities/vat