Dec 31
2012
2012
By Douglas C. Schmidt
Principal Researcher
As part of our mission to advance the practice of software engineering and cybersecurity through research and technology transition,
our work focuses on ensuring the development and operation of
software-reliant Department of Defense (DoD) systems with predictable
and improved quality, schedule, and cost. To achieve this mission, the
SEI conducts research and development (R&D) activities involving the
DoD, federal agencies, industry, and academia. As we look back on 2012,
this blog posting highlights our many R&D accomplishments.
Occasionally this blog will highlight different posts from the SEI blogosphere. Today’s post by 
The
majority of research in cyber security focuses on incident response or
network defense, either trying to keep the bad guys out or facilitating
the isolation and clean-up when a computer is compromised. It’s hard to
find a technology website that’s not touting articles on fielding better
firewalls, patching operating systems, updating anti-virus signatures,
and a slew of other technologies to help detect or block malicious
actors from getting on your network. What’s missing from this picture is
a proactive understanding of who the threats are and how they intend to
use the cyber domain to get what they want. Our team of
researchers—which included 
Sabotage
of IT systems by employees (the so-called “inside threat”) is a serious
problem facing many companies today. Not only can data or computing
systems be damaged, but outward-facing systems can be compromised to
such an extent that customers cannot access an organization’s resources
or products. 
It
is widely recognized today that software architecture serves as the
blueprint for both the system and the project developing it, defining
the work assignments that must be performed by design and implementation
teams. Architecture is the primary purveyor of system quality
attributes that are hard to achieve without a unifying architecture;
it’s also the conceptual glue that holds every phase of projects
together for their many stakeholders. Last month, we presented two
posting in a 
Recent Comments