Deborah J. Bodeau

Learn More
Increasing dependence on cyberspace makes preparedness against cyber threats integral to mission assurance. The nature of cyber threats in general – and advanced persistent threats in particular – requires a longer-term commitment from senior leadership, including vision, strategy, and investment prioritization as well as the organizational(More)
With the growing capability, expertise and intent of advanced cyber adversaries, it is no longer realistic to assume that one can successfully keep all adversaries out of a system infrastructure. Therefore, architecture and systems engineering must be based on the assumption that systems or components have been or can be compromised, and that missions and(More)
Evidence and analysis are needed to determine whether, how, and to what extent architectural and operational decisions have an effect on cyber adversary behavior. This is particularly the case for cyber resiliency techniques, which are relatively new compared with conventional perimeter defenses and intrusion detection techniques. In this paper, we propose(More)
encapsulated devices are often passive entities, in contrast to their underlying hardware. Security requirements for devices, however, differ significantly from those for either storage objects or controlled processes: • External policy on use of the system requires that devices pass information only to authorized users. 8I/O handling often accounts for 30(More)
encapsulated devices are often passive entities, in contrast to their underlying hardware. Security requirements for devices, however, differ significantly from those for either storage objects or controlled processes: • External policy on use of the system requires that devices pass information only to authorized users. 8I/O handling often accounts for 30(More)
To perform key business functions, organizations in critical infrastructure sectors such as healthcare or finance increasingly need to share identifying and authorization-related information. Such information sharing requires negotiation about identity safeguarding policies and capabilities, as provided by processes, technologies, tools, and models. That(More)
The Emergency Preparedness and Response (EP&R) community has embraced a wide array of information and communications technologies (ICTs) to support information sharing and communication among participating agencies. Yet many existing and proposed technological solutions remain inadequate to support the unpredictable and frequently changing information(More)